See bug 397427 for why I made this bug security sensitive. Fennec is failing some of the tests in test_bug397427.html, making it susceptible to those attacks, afaict (although the description in bug 397427 sounds rather vague to me, and since Fennec hasn't gained major marketshare, I would think this bug can be unhidden).
See testcase here: http://www.kantjils.nl/moz/mochitestjs/select.html
It should say (and Firefox desktop does):
style.sheet.cssRules.styleSheet.href: http://www.kantjils.nl/moz/mochitestjs/bodyred.css
style.sheet.cssRules.styleSheet.href: http://www.kantjils.nl/moz/mochitestjs/redirect.php?bodygreen.css
c.href:c.sheet.href http://www.kantjils.nl/moz/mochitestjs/redirect.php?bodygreen.css:http://www.kantjils.nl/moz/mochitestjs/redirect.php?bodygreen.css
But in Fennec it does say:
style.sheet.cssRules.styleSheet.href: http://www.kantjils.nl/moz/mochitestjs/bodyred.css
style.sheet.cssRules.styleSheet.href: http://www.kantjils.nl/moz/mochitestjs/bodygreen.css
c.href:c.sheet.href http://www.kantjils.nl/moz/mochitestjs/redirect.php?bodygreen.css:http://www.kantjils.nl/moz/mochitestjs/bodygreen.css
Here is the original mochitest, btw, which partly fails in Fennec: http://www.kantjils.nl/moz/mochitestjs/test_bug397427.html
We badly set mOriginalURI on the redirected child channel on the content process. I will check why, probably my fault. When exactly did this start to appear? Wasn't it always failing?
Created attachment 550182
v1
Not sure why I have introduced the new member, but it is apparently always left null.
This is probably one of the many tests we haven't been running. I'm not even certain that it's in the tests we're running right now.
Yes, the plan is to enable the layout/style/test/ mochitests, but we need to figure out which ones are failing, first. And then fix the tests or disable them otherwise.
Would this also fix this case?
http://www.kantjils.nl/moz/mochitestjs/body_onload_script_redirect.html
That page never stops loading in Fennec, it works fine in Firefox.
This is probably the cause for failures in:
http://mxr.mozilla.org/mozilla-central/source/layout/style/test/test_visited_image_loading.html?force=1
(In reply to comment #5)
> Would this also fix this case?
> http://www.kantjils.nl/moz/mochitestjs/body_onload_script_redirect.html
> That page never stops loading in Fennec, it works fine in Firefox.

The patch has no effect on this issue.

> This is probably the cause for failures in:
> http://mxr.mozilla.org/mozilla-central/source/layout/style/test/test_visited_image_loading.html?force=1

I can see "ASSERTION: Redirecting to a protocol that doesn't support universal protocol redirect" when running the test. If that is the cause of the test failure then it is quite a different issue. See https://bugzilla.mozilla.org/show_bug.cgi?id=661604#c2 that might be related. However, we should track all "universal protocol redirect" failing tests and fix the code, in a different bug.
Yes, bug 661604 sounds exactly like what http://www.kantjils.nl/moz/mochitestjs/body_onload_script_redirect.html is suffering from in Fennec.