Closed Bug 414668 Opened 14 years ago Closed 11 years ago
Verify that AUS doesn't allow updates from http URLs
From distribution customizations sec. review- The fear is that someone might create a customized distribution and change the AUS update URL to point to some server under their control, and inadvertently use an insecure update method. This is not specific to customized distributions, just possibly more likely in that case.
Just to clarify, the idea is that the software update code in the app should require that the query go over https ? Looks like AUS is currently using a 302 to redirect http requests to https.
That's correct, the idea is for the client to not make http requests, only https. Talking to Rob Strong yesterday, he said that software update was shared functionality amongst several applications (it's in toolkit), and that requiring https would be an unreasonable requirement to impose on all applications. So, not knowing much of software update, I'm not sure if we could easily do this for Firefox only, or if we want to make a note to warn people making customized distributions and leave it at that. Note: distribution.ini doesn't have a specialized field (mandatory or otherwise) for setting the AUS ping URL. It simply allows for setting any pref, which the AUS URL [template] is.
What software is it ok to update insecurely?
Intranet software, maybe? (I'm playing devil's advocate here...)
(In reply to comment #4) > Intranet software, maybe? > > (I'm playing devil's advocate here...) correct There is the option to allow updating over http and app's can enforce requiring https by either defining certificate checks as was added by bug 544442 for Firefox or by adding an app.update.certs.<any value> preference to require https.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 544442
You need to log in before you can comment on or make changes to this bug.