Closed Bug 1897136 Opened 2 years ago Closed 1 year ago

Fix HTTPS->HTTP downgrades when using proxies

Categories

(Core :: DOM: Security, defect)

RESOLVED FIXED
140 Branch
Tracking Status
firefox140 --- fixed

People

(Reporter: simonf, Assigned: simonf)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

For HTTPS first we want to treat NS_ERROR_UNKNOWN_HOST as an HTTPS-related
error because it might be a 404 returned by a proxy (see
HttpProxyResponseToErrorCode). For the HTTPS-only case we don't want
that because it almost always is an unrelated error and the users would
have to confirm the interstitial every time to find out.

Assignee: nobody → sfriedberger
Depends on: 1894662
No longer depends on: 1894662
See Also: → 1894662
Depends on: 1897075
See Also: → 1897148
Whiteboard: [domsecurity-active]
Severity: -- → S3
Blocks: https-first-mode
No longer blocks: 1719271
No longer depends on: 1897075
Depends on: 1897075
No longer depends on: 1897075

The practical relevance of weird proxy setups is low. The error mode here is that we fail to downgrade to an insecure connection, in which case a user can manually switch to an explicit http:// scheme. The actual security impact seems to be minimal since the CONNECT case is not affected, and in other cases no secure connection to the destination is achieved anyway. Valentin, do you agree?

I suggest we WONTFIX.

Flags: needinfo?(valentin.gosu)
Status: NEW → RESOLVED
Closed: 1 year ago
Flags: needinfo?(valentin.gosu)
Resolution: --- → WONTFIX
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---

Okay, this is not a security issue but it might be a usability issue. Skipping downgrades might lead to people seeing connection failures where an HTTP connection would have worked.

Attachment #9484982 - Attachment is obsolete: true
Attachment #9484982 - Attachment description: Bug 1897136 - Fix HTTPS first downgrades for proxies r=maltejur,freddyb → Bug 1897136 - Fix HTTPS first downgrades for proxies r=maltejur,valentin
Attachment #9484982 - Attachment is obsolete: false
See Also: → 1897075
Pushed by sfriedberger@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a6b70bf9b1b3 Fix HTTPS first downgrades for proxies r=maltejur,valentin,extension-reviewers,robwu
Status: REOPENED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 140 Branch
Regressions: 1850636
Regressions: 1967886
QA Whiteboard: [qa-triage-done-c141/b140]