Closed
Bug 752161
Opened 13 years ago
Closed 13 years ago
Plugin check pref set to mozilla.com instead of mozilla.org causing a useless redirect and making it vulnerable to improper redirects in mozilla.com
Categories
(Firefox :: General, defect)
Firefox
General
Tracking
()
RESOLVED
FIXED
Firefox 15
People
(Reporter: KWierso, Assigned: KWierso)
References
Details
Attachments
(1 file)
|
1019 bytes,
patch
|
Gavin
:
review+
|
Details | Diff | Splinter Review |
When I click the addon manager's link to the plugin check website, I end up at https://www.mozilla.com/en/404 (which for whatever reason is using the Student Reps theme).
That seems wrong.
The link from about:plugins works, for whatever that's worth.
I'm using the latest Nightly build as of mid-day Friday.
In about:config, "plugins.update.url" is set to the default "https://www.mozilla.com/%LOCALE%/plugincheck/". (Which, when I replace %LOCALE% with "en-US", leads me to that same 404 error page.)
|
Assignee | |
Comment 1•13 years ago
|
||
So fun story:
The link from about:plugins points to http://www.mozilla.com/plugincheck/ which redirects to http://www.mozilla.org/en-US/plugincheck/
http://www.mozilla.org/en-US/plugincheck/ is exactly what plugins.update.url ends up using after replacing the locale, except the working version uses "http", not "https".
|
|
Assignee | |
Comment 2•13 years ago
|
||
> I'm using the latest Nightly build as of mid-day Friday.
Apologies for the spam, thought I should add that I'm seeing this in Nightly, but I only spotted this from a MozillaZine post from people running the release version of Firefox 12, if that affects the severity or priority for getting this looked at...
OS: Windows 8 → All
Hardware: x86_64 → All
|
||
Comment 3•13 years ago
|
||
WORKAROUND:
Append the following to user.js.
user_pref("plugins.update.url", "http://www.mozilla.com/%LOCALE%/plugincheck/");
|
|
||
Comment 5•13 years ago
|
||
Other workaround: replace .com by .org in the plugins.update.url pref.
Dupe of bug 752178?
|
||
Comment 6•13 years ago
|
||
Workarounds are nice, but this bug needs to be fixed since it impacts security and since it appears in both the released as well as in the Nightly builds. I would bump the priority to critical, especially since it seems like it should be an easy fix.
|
||
Comment 7•13 years ago
|
||
Affects both Firefox and Thunderbird latest releases.
|
|
||
Comment 8•13 years ago
|
||
May be OS X only; just tested on Windows 7 and plugin update seems to work fine.
(In reply to David Jackson from comment #8)
> May be OS X only; just tested on Windows 7 and plugin update seems to work
> fine.
Nope. I've seen it Windows 7 for the past several days.
|
|
||
Comment 10•13 years ago
|
||
It will be fixed by bug 752232.
|
|
||
Comment 13•13 years ago
|
||
As per comment by Wes:
Gone to about:config and plugins.update.url and changed path from .com to .org and left https (notice "s" on end) and then closed browser and re-opened and gone to add-ons and clicked link. Works flawlessly! fixed TY for info Wes.
I agree that for most instances, need to recheck all links to Mozilla and ensure ".org" where appropriate are affixed to all web pages on servers.
|
|
||
Comment 14•13 years ago
|
||
just updated to 12.0 and the exact issue is still there ... applying workaround on my machine worked ... since this is an easy fix, I expect that it will be fixed in the next incremental update ...
|
|
||
Comment 15•13 years ago
|
||
FF 12.0.0
I have encountered the same problem with both my default profile and a test profile I created for testing. The test profile is in its virgin state with no changes to the default settings.
My exact path to receive the error is:
tools > add-ons > plugins (in the add-ons manager window) > "Check to see if your plugins are up to date" (hyperlink)
This directs to https://www.mozilla.com/en/404 which is a web page titled "Mozilla Student Reps" which displays this error message:
Sorry
We couldn't find the page you're looking for
I hope the more detailed step-wise process along with the information that indicates that extensions and plugins are not part of the problem proves to be helpful in resolving this issue.
|
|
||
Comment 16•13 years ago
|
||
Thanks for you help but the problem is well understood (even if the primary cause is unknown) and will be fixed by bug 752232 during working days.
|
|
||
Comment 21•13 years ago
|
||
This should be fixed now.
As a related bug, what does it take to have this default URL changed in the Addons Manager to point to www.mozilla.org instead of .com? I mean, upstream in a future release. We should endeavor to save all users a redirect (and DNS lookups) here. Fewer steps is both faster and more reliable (fewer things in line that can break).
|
|
||
Comment 22•13 years ago
|
||
thanks ... works good now
|
|
Assignee | |
Comment 23•13 years ago
|
||
(In reply to Jake Maul [:jakem] from comment #21)
> As a related bug, what does it take to have this default URL changed in the
> Addons Manager to point to www.mozilla.org instead of .com? I mean, upstream
> in a future release. We should endeavor to save all users a redirect (and
> DNS lookups) here. Fewer steps is both faster and more reliable (fewer
> things in line that can break).
Change http://mxr.mozilla.org/mozilla-central/source/browser/app/profile/firefox.js#618 and you should be good to go.
|
|
Assignee | |
Comment 24•13 years ago
|
||
Something like this.
Gavin, can you review this? It changes the plugin update URL from pointing at mozilla.com to mozilla.org, which cuts down a redirect for everyone clicking the "check for updates" link.
Attachment #621485 -
Flags: review?(gavin.sharp)
|
||
Comment 25•13 years ago
|
||
Comment on attachment 621485 [details] [diff] [review]
s/com/org
This is probably not the right bug to be doing this in, but sure, this looks fine. I think there was another tracking bug on file to do all these switches across the board (we have a lot of in-product mozilla.com links that need to be updated).
Attachment #621485 -
Flags: review?(gavin.sharp) → review+
|
|
||
Comment 26•13 years ago
|
||
(In reply to Scoobidiver from comment #16)
> Thanks for you help but the problem is well understood (even if the primary
> cause is unknown) and will be fixed by bug 752232 during working days.
There are two issues here.
(1) the landing page for 404 errors (see 752232)
(2) a typo in the plugins.update.url config (should be http://www.mozilla.com/%LOCALE%/plugincheck/, not https://www.mozilla.com/%LOCALE%/plugincheck/). It's getting a bit unclear as to which tracker is for which issue...
|
|
||
Updated•13 years ago
|
Component: plugincheck → General
Product: Websites → Firefox
QA Contact: plugincheck → general
Summary: "Check to see if your plugins are up to date" link in Addon Manager's Plugins section ends up with a 404 error → Plugin check pref set to mozilla.com instead of mozilla.org causing a useless redirect and making it vulnerable to improper redirects in mozilla.com
|
|
||
Comment 27•13 years ago
|
||
(In reply to Erik Blake from comment #26)
> (2) a typo in the plugins.update.url config (should be
> http://www.mozilla.com/%LOCALE%/plugincheck/, not
> https://www.mozilla.com/%LOCALE%/plugincheck/). It's getting a bit unclear
> as to which tracker is for which issue...
Why do you think this is a typo? It makes sense to me that we'd use https wherever possible - prior to bug 752232 (and now that it is fixed), this works fine.
|
|
||
Comment 28•13 years ago
|
||
Can the patch land on m-c?
|
||
Updated•13 years ago
|
Assignee: nobody → kwierso
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 29•13 years ago
|
||
I just pushed this to inbound:
https://hg.mozilla.org/integration/mozilla-inbound/rev/b613ac5ff64a
|
|
||
Updated•13 years ago
|
Flags: in-testsuite-
Target Milestone: --- → Firefox 15
|
|
||
Comment 30•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•