Closed Bug 1790913 Opened 2 years ago Closed 1 year ago

DOS - The long parameter hangs the Fenix homepage, making Fenix unusable

Categories

(Fenix :: General, defect, P3)

All
Android

Tracking

(firefox104 wontfix, firefox105 wontfix, firefox106 wontfix, firefox107 wontfix, firefox108 fixed)

RESOLVED FIXED
108 Branch

People

(Reporter: cpeterson, Assigned: skhan)

Details

(Keywords: csectype-dos, dataloss, sec-moderate)

Attachments

(2 files)

+++ This bug was initially created as a clone of Bug #1759951 +++

As Irwan reported in bug 1759951 comment 47, this bug still reproduces with different STR. Since the toolbar hang with the original STR was fixed, I'm opening this new homepage bug for the new STR.

On Firefox 104 and Nightly 106 on a Samsung Galaxy A32 (a mid-range device) running Android 12:

  1. Open this bug in Firefox.
  2. Click the link in this bug's URL field.
  3. Firefox loads the "494 ERROR" page in a new tab without freezing. 🙂
  4. Close the "494 ERROR" tab and return to the Bugzilla tab.
  5. Close the Bugzilla tab, returning to Firefox's home page.
  6. Then Firefox hangs. 🥶
  7. Force quit Firefox and launch it again.
  8. Firefox hangs again on the home page. 🥶

To recover, I have to clear Firefox's app storage data in Android's Settings.

csadilek debugged this homepage hang and says (in bug 1759951 comment 50):

The original patch here fixed the problem occurring in the toolbar, but I created a new profile based on Chris's STR, and it shows the same problem now being hit on the home fragment. We're hitting Android's android.graphics.text.LineBreaker.nComputeLineBreaks again which blocks for an extended period of time.

Let's truncate long URLs on all home screen sections, and also write an extension function so we don't keep running into this with new functionality.
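
One way the truncation proposed above could be written as a Kotlin extension function. This is an added example, not the patch attached to this bug or Fenix's own code; the names `truncatedForDisplay`, `HomeItem`, `HomeItemViewState` and the 2,000-character cap are assumptions. Only the copy handed to the text view is shortened; the stored URL is left intact for navigation.

```kotlin
// Added illustration: names and the limit are assumptions, not Fenix code.
const val MAX_DISPLAY_URL_LENGTH = 2_000 // assumed cap, far more than a home-screen row can show

/**
 * Returns at most [maxLength] UTF-16 code units of this string for display.
 * If the cut would split a surrogate pair, the dangling high surrogate is dropped
 * so the text handed to the layout engine stays well-formed.
 */
fun String.truncatedForDisplay(maxLength: Int = MAX_DISPLAY_URL_LENGTH): String {
    require(maxLength >= 0) { "maxLength must be non-negative" }
    if (length <= maxLength) return this
    var end = maxLength
    if (end > 0 && this[end - 1].isHighSurrogate()) end--
    return substring(0, end)
}

// Hypothetical model of a home-screen entry (recent tab, bookmark, history item).
data class HomeItem(val title: String?, val url: String)

// What the view binds to: display strings are capped, the full URL is kept for loading.
data class HomeItemViewState(val title: String, val displayUrl: String, val navigateUrl: String)

fun HomeItem.toViewState(): HomeItemViewState = HomeItemViewState(
    // A missing title falls back to the URL, so the title path needs the cap as well.
    title = (title?.takeIf { it.isNotBlank() } ?: url).truncatedForDisplay(),
    displayUrl = url.truncatedForDisplay(),
    navigateUrl = url,
)

fun main() {
    // Constructed input: a URL with a very long query parameter.
    val longUrl = "https://example.com/?q=" + "A".repeat(500_000)
    val state = HomeItem(title = null, url = longUrl).toViewState()
    check(state.title.length == MAX_DISPLAY_URL_LENGTH)
    check(state.displayUrl.length == MAX_DISPLAY_URL_LENGTH)
    check(state.navigateUrl == longUrl)

    // Constructed input: the cut lands inside a surrogate pair.
    val emoji = "ab\uD83D\uDE00cd"
    check(emoji.truncatedForDisplay(3) == "ab")
    check(emoji.truncatedForDisplay(4) == "ab\uD83D\uDE00")
    println("ok")
}
```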

Thanks @chris,
Have opened this issue separately.

So when will the fixes be implemented?

Regards, @irwan

sec-moderate -> P3

Priority: -- → P3

sec-moderate -> S3

Severity: -- → S3
Assignee: nobody → skhan

Hi, any updates?
I see the version is 106.1.0 (Build #2015909131); is the bug still working?

Bug is fixed and should be available in nightly version 108

Thanks @sarah, on confirmation.

Hi, I am attaching two patches for review.

Attachment #9300287 - Flags: review?(amejiamarmol)
Attachment #9300289 - Flags: review?(amejiamarmol)
Attachment #9300287 - Flags: review?(amejiamarmol) → review+
Attachment #9300289 - Flags: review?(amejiamarmol) → review+
Component: Security: Android → General

(In reply to Sarah from comment #5)

Bug is fixed and should be available in nightly version 108

In that case, I will resolve this bug as fixed in 108.

I'm leaving this fixed bug private until we verify whether this fix also fixed bug 1759951.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Group: mobile-core-security → core-security-release
See Also: CVE-2022-36317
Target Milestone: --- → 108 Branch

Per bug 1759951 comment 50, the original fix didn't cover the whole problem, so this additional aspect should have also gotten a bounty nomination.

Flags: sec-bounty?
Flags: sec-bounty? → sec-bounty+
Group: core-security-release