Closed Bug 1896298 Opened 1 year ago Closed 1 year ago

Proxy Bypass in Firefox on startup

Categories

(Core :: Networking: Proxy, defect, P2)

Product:
Core
Component:
Networking: Proxy
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: karasukerem, Unassigned)

References

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?][necko-triaged][necko-priority-queue])

Attachments

(1 file)

Firefox Browser Proxy-Bypass on Startup.pdf
155.95 KB, application/pdf
Details

In Firefox there is a bug that allows users to send/receive requests on startup without those getting routed to the configured proxy.
For details please check the report

Note: Didn't knew it should be reported here so I have sent this report via email as well(from karasukerem@hotmail.com)

Flags: sec-bounty?
Group: firefox-core-security → network-core-security
Component: Security → Networking: Proxy
Product: Firefox → Core
Duplicate of this bug: 1896438
Severity: -- → S2
Priority: -- → P2
Whiteboard: [reporter-external] [client-bounty-form] [verif?] → [reporter-external] [client-bounty-form] [verif?][necko-triaged][necko-priority-queue]

Hi Reporter,

I am not sure how this can happen.
Could you try to record a http log right after restarting Firefox?
Note that we need to see what happens during startup, so please make sure the necessary environment variables are setup before starting Firefox.

Thanks.

Flags: needinfo?(karasukerem)

(In reply to Kershaw Chang [:kershaw] from comment #2)

Hi Reporter,

I am not sure how this can happen.
Could you try to record a http log right after restarting Firefox?
Note that we need to see what happens during startup, so please make sure the necessary environment variables are setup before starting Firefox.

Thanks.

Sure, I will try to update you with those logs aswell

Flags: needinfo?(karasukerem)

Sorry, forgot to mention: please also add proxy:5 to the MOZ_LOG env.
Thanks.

(please clear the needinfo flag once the log is provided)

Flags: needinfo?(karasukerem)

(In reply to Kershaw Chang [:kershaw] from comment #4)

Sorry, forgot to mention: please also add proxy:5 to the MOZ_LOG env.
Thanks.

(please clear the needinfo flag once the log is provided)

Hi, so i just tested the bug with the logs and found out that i have made mistake.

The request is not shown on the proxy since the website loads from cache on startup instead of sending a request.

Sorry for my misinterpretation of the case

2024-05-14 15:39:13.962587 UTC - [Parent 1908: Main Thread]: D/nsHttp nsHttpChannel::ReadFromCache [this=7f3831c1c200] Using cached copy of: http://example.com/
2024-05-14 15:39:14.021381 UTC - [Parent 1908: Main Thread]: D/nsHttp nsHttpChannel::ReadFromCache [this=7f381eb66000] Using cached copy of: http://example.com/favicon.ico
Flags: needinfo?(karasukerem)

Thanks! I assume this can be closed as INVALID.

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → INVALID
Group: network-core-security
Flags: sec-bounty? → sec-bounty-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: