Closed
Bug 554832
Opened 14 years ago
Closed 11 years ago
test_info_leak fails on Win7 with Skype running
Categories
(Core :: Audio/Video, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: cpearce, Unassigned)
Details
(Keywords: sec-moderate, Whiteboard: [sg:moderate])
Mochitest content/media/test/test_info_leak.html fails on trunk on fully-patched Windows7 Pro 64bit when Skype 4.1.0.179 is running. This may also occur with other versions of Skype and Windows; Matthew Gregan tells me he saw this test fail on his Win7 beta machine, on which he runs Skype. This test fails on trunk nightly builds at least back as far as 1 January 2010. test_info_leak creates <video> elements and with invalid src URLs, and checks that we don't "leak" any state or events which can be used by script to determine whether the URL can be resolved from the client domain (as opposed to being accessible from the webserver's domain). I think this should be a security bug because this *may* (I'm not sure if it *will*) leak state if a client-only-resolvable URL is set as a <video>'s src attribute when Skype is installed.
Whiteboard: [sg:moderate]
|
||
Comment 1•14 years ago
|
||
Chris, what's the skype addon version you have? IS the problem still present with the addon disabled?
|
Reporter | |
Comment 2•14 years ago
|
||
I don't have a Skype Addon installed, Skype was somehow interfering with the Firefox process. I'm now running Skype 4.2.0.115, and test_info_leak doesn't fail running current trunk. Maybe Skype fixed it on their end. Resolving WFM...
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
|
||
Comment 3•14 years ago
|
||
I'm running Skype 5.0.0.152 and test_info_leak still fails for me on Windows 7.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
|
|
||
Comment 4•14 years ago
|
||
So this is just skype without the skype extension?
|
|
||
Comment 5•14 years ago
|
||
yes
|
|
Reporter | |
Updated•13 years ago
|
Summary: test_info_leak fails on Win7 with Skype installed → test_info_leak fails on Win7 with Skype running
|
|
||
Updated•12 years ago
|
Keywords: sec-moderate
|
||
Comment 6•11 years ago
|
||
Chris D -- Since you were the last one to repro this bug, could you retest now and see if it is still happening? Thanks.
Flags: needinfo?(chris.double)
|
|
||
Comment 7•11 years ago
|
||
I no longer run Windows so cannot test, sorry.
Flags: needinfo?(chris.double)
|
|
||
Comment 8•11 years ago
|
||
Chris P -- Since Chris D can no longer test this readily, do you think you could try to repro with the recent versions of Skype and Firefox? I wouldn't be surprised if this bug were fixed now (either by our code changing or Skype's). I believe this is the last, older, media security bug that is still open.
Flags: needinfo?(cpearce)
|
|
Reporter | |
Comment 9•11 years ago
|
||
I retested on Winows 7 x64 Pro with Skype 6.3.0.105 and mozilla-central from Wed Mar 20, 2013, and the failure no longer occurs. -> WFM.
Status: REOPENED → RESOLVED
Closed: 14 years ago → 11 years ago
Flags: needinfo?(cpearce)
Resolution: --- → WORKSFORME
|
||
Updated•9 years ago
|
Group: core-security → core-security-release
|
||
Updated•7 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•