Closed Bug 1710749 Opened 4 years ago Closed 4 years ago

Website filter can be bypassed with reader mode

Categories

(Firefox :: Enterprise Policies, defect, P2)

defect

Tracking

()

VERIFIED FIXED
90 Branch
Tracking Status
firefox-esr78 --- verified
firefox90 --- verified

People

(Reporter: mkaply, Assigned: mkaply)

Details

Attachments

(1 file)

From:

https://github.com/mozilla/policy-templates/issues/767

The Website Filter policy is not always useful if the user can simply add about:reader?url= at the beginning of the URL he/she wants to "unblock".

I already have a case for view-source, just need to add about:reader

Assignee: nobody → mozilla
Status: NEW → ASSIGNED
Pushed by mozilla@kaply.com: https://hg.mozilla.org/integration/autoland/rev/abb16f9ad6a3 If a website is blocked via policy, block about:reader r=emalysz
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 90 Branch

Comment on attachment 9221815 [details]
Bug 1710749 - If a website is blocked via policy, block about:reader r?emalysz!

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Policy only change, parity with beta
  • User impact if declined: Pages blocked by policy can be viewed in reader mode
  • Fix Landed on Version: 90
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Policy only, has test.
  • String or UUID changes made by this patch:
Attachment #9221815 - Flags: approval-mozilla-esr78?

Comment on attachment 9221815 [details]
Bug 1710749 - If a website is blocked via policy, block about:reader r?emalysz!

Approved for 78.12esr.

Attachment #9221815 - Flags: approval-mozilla-esr78? → approval-mozilla-esr78+
Flags: qe-verify+
QA Whiteboard: [qa-triaged]

Reproduced on Firefox Nightly 90.0a1 (2021-05-11) (20210511093339) on Windows 10.
Verified > Fixed on Firefox Beta 90.0 (20210705185941) and Firefox 78.12.0esr (20210610190845) on Windows 10.

Status: RESOLVED → VERIFIED
QA Whiteboard: [qa-triaged]
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: