See bug 397427 of why I made this bug security sensitive.
Fennec is failing some of the tests in test_bug397427.html, making it susceptible to those attacks, afaict. (although the description in bug 397427 sounds rather vague to me, and since Fennec hasn't gained major marketshare, I would think this bug can be unhidden).
See testcase here:
It should say (and Firefox desktop does):
But in Fennec it does say:
Here is the original mochitest, btw, which partly fail in Fennec:
We badly set mOriginalURI on redirected child channel on the content process. I will check why, probably my fault.
When exactly this started to appear? Wasn't it always failing?
Created attachment 550182 [details] [diff] [review]
Not sure why I have introduced the new member, but it is apparently always left null.
This is probably one of the many tests we haven't been running. I'm not even certain that it's in the tests we're running right now.
Yes, the plan is to enable the layout/style/test/ mochitests, but we need to figure out which ones are failing, first. And then fix the tests or disable them otherwise.
Would this also fix this case? http://www.kantjils.nl/moz/mochitestjs/body_onload_script_redirect.html
That page never stops loading in Fennec, it works fine in Firefox.
This is probably the cause for failures in:
(In reply to comment #5)
> Would this also fix this case?
> That page never stops loading in Fennec, it works fine in Firefox.
The patch has no affect on this issue.
> This is probably the cause for failures in:
I can see "ASSERTION: Redirecting to a protocol that doesn't support universal protocol redirect" when running the test. If that is cause of the test failure then it is quit different issue. See https://bugzilla.mozilla.org/show_bug.cgi?id=661604#c2 that might be related.
However, we should track all "universal protocol redirect" failing tests and fix the code ; in a different bug.
Yes, bug 661604 sounds exactly what http://www.kantjils.nl/moz/mochitestjs/body_onload_script_redirect.html is suffering from in Fennec.