Closed Bug 1760417 Opened 2 years ago Closed 2 years ago

Some abnormal URLs in other applications cause firefox open unexpected new inoperative window

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
101 Branch
Tracking Flags:
Tracking Status
firefox101 --- fixed

People

(Reporter: yamadat501, Assigned: mconley)

Details

Attachments

(2 files)

bugwindow.png
75.69 KB, image/png
Details
Bug 1760417 - Make ContentPrincipal more reliable for URIs in the form of scheme://.origin.tld. r?nika!,ckerschb!
48 bytes, text/x-phabricator-request
Details | Review

STR:

  1. Copy and paste URL shown below to some applications that treats string starts with http:// as URL.
    https://.twitter.com/M5fv44m/status/1504475608884998154
  2. Open URL form other applications.

Expected Results:
Open URLs as error.

Actual Results:
Unexpectedly, open new window and some of components like menu, bookmark toolbar etc. doesn't work.

I confirmed it at nightly and probably happens at releases by a person reported it to me.

Attached image bugwindow.png

Screenshot of unexpectedly opened window.

Its UI is completely different from the UI in my settings.

I see this through Windows Terminal, pasting the URL in there and opening with Ctrl+Click.

Also if I context menu>Open in New Window that link then the window can't be closed but the close tab button works

In Mac you can reproduce this with open -a /Applications/Firefox.app "https://.twitter.com/M5fv44m/status/1504475608884998154"

I looked at this briefly. The problem is that during startup, when we're computing which content process to load the first tab into via E10SUtils' validatedWebRemoteType, we try to parse the siteOrigin out from the URI, and an exception gets thrown in the STR. That exception, because it's occurring so early within the browser startup sequence, causes a whole series of things to break.

I think I have a solution to make us more resilient here.

Assignee: nobody → mconley
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Component: General → Security: CAPS
Product: Firefox → Core
Attachment #9270128 - Attachment description: Bug 1760417 - Make sure we handle the case of an invalid site origin when computing which process type to prefer in E10SUtils.jsm. r?nika! → Bug 1760417 - Make ContentPrincipal more reliable for URIs in the form of scheme://.origin.tld. r?nika!,ckerschb!
Pushed by mconley@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4c091571c918
Make ContentPrincipal more reliable for URIs in the form of scheme://.origin.tld. r=nika,ckerschb

https://hg.mozilla.org/mozilla-central/rev/4c091571c918

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox101: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 101 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: