Last Comment Bug 752161 - Plugin check pref set to mozilla.com instead of mozilla.org causing a useless redirect and making it vulnerable to improper redirects in mozilla.com
: Plugin check pref set to mozilla.com instead of mozilla.org causing a useless...
Status: RESOLVED FIXED
:
Product: Firefox
Classification: Client Software
Component: General (show other bugs)
: unspecified
: All All
: -- normal with 2 votes (vote)
: Firefox 15
Assigned To: Wes Kocher (:KWierso)
:
Mentors:
: 752073 752194 752248 752264 752307 752322 752349 (view as bug list)
Depends on: 752232
Blocks: 788259
  Show dependency treegraph
 
Reported: 2012-05-04 22:40 PDT by Wes Kocher (:KWierso)
Modified: 2012-09-04 13:22 PDT (History)
23 users (show)
MattN+bmo: in‑testsuite-
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
s/com/org (1019 bytes, patch)
2012-05-06 17:25 PDT, Wes Kocher (:KWierso)
gavin.sharp: review+
Details | Diff | Splinter Review

Description Wes Kocher (:KWierso) 2012-05-04 22:40:57 PDT
When I click the addon manager's link to the plugin check website, I end up at https://www.mozilla.com/en/404 (which for whatever reason is using the Student Reps theme).

That seems wrong.


The link from about:plugins works, for whatever that's worth.

I'm using the latest Nightly build as of mid-day Friday.

In about:config, "plugins.update.url" is set to the default "https://www.mozilla.com/%LOCALE%/plugincheck/". (Which, when I replace %LOCALE% with "en-US", leads me to that same 404 error page.)
Comment 1 Wes Kocher (:KWierso) 2012-05-04 22:42:22 PDT
So fun story:
The link from about:plugins points to http://www.mozilla.com/plugincheck/ which redirects to http://www.mozilla.org/en-US/plugincheck/

http://www.mozilla.org/en-US/plugincheck/ is exactly what plugins.update.url ends up using after replacing the locale, except the working version uses "http", not "https".
Comment 2 Wes Kocher (:KWierso) 2012-05-04 22:47:15 PDT
> I'm using the latest Nightly build as of mid-day Friday.
Apologies for the spam, thought I should add that I'm seeing this in Nightly, but I only spotted this from a MozillaZine post from people running the release version of Firefox 12, if that affects the severity or priority for getting this looked at...
Comment 3 Alice0775 White 2012-05-05 00:54:14 PDT
WORKAROUND:
Append the following to user.js.
user_pref("plugins.update.url", "http://www.mozilla.com/%LOCALE%/plugincheck/");
Comment 4 Alice0775 White 2012-05-05 05:09:44 PDT
*** Bug 752194 has been marked as a duplicate of this bug. ***
Comment 5 Scoobidiver (away) 2012-05-05 06:01:02 PDT
Other workaround: replace .com by .org in the plugins.update.url pref.

Dupe of bug 752178?
Comment 6 David Jackson 2012-05-05 09:52:10 PDT
Workarounds are nice, but this bug needs to be fixed since it impacts security and since it appears in both the released as well as in the Nightly builds.  I would bump the priority to critical, especially since it seems like it should be an easy fix.
Comment 7 Erik Blake 2012-05-05 10:12:19 PDT
Affects both Firefox and Thunderbird latest releases.
Comment 8 David Jackson 2012-05-05 10:38:22 PDT
May be OS X only; just tested on Windows 7 and plugin update seems to work fine.
Comment 9 Peter S. 2012-05-05 10:49:54 PDT
(In reply to David Jackson from comment #8)
> May be OS X only; just tested on Windows 7 and plugin update seems to work
> fine.

Nope. I've seen it Windows 7 for the past several days.
Comment 10 Scoobidiver (away) 2012-05-05 10:56:38 PDT
It will be fixed by bug 752232.
Comment 11 Alice0775 White 2012-05-05 11:51:58 PDT
*** Bug 752248 has been marked as a duplicate of this bug. ***
Comment 12 Matthias Versen [:Matti] 2012-05-05 12:45:24 PDT
*** Bug 752073 has been marked as a duplicate of this bug. ***
Comment 13 Suny 2012-05-05 15:39:53 PDT
As per comment by Wes:
Gone to about:config and plugins.update.url and changed path from .com to .org and left https (notice "s" on end) and then closed browser and re-opened and gone to add-ons  and clicked link. Works flawlessly! fixed TY for info Wes.

I agree that for most instances, need to recheck all links to Mozilla and ensure ".org" where appropriate are affixed to all web pages on servers.
Comment 14 Belphebe 2012-05-05 16:50:39 PDT
just updated to 12.0 and the exact issue is still there ... applying workaround on my machine worked ...  since this is an easy fix, I expect that it will be fixed in the next incremental update ...
Comment 15 johnobjects 2012-05-06 08:16:28 PDT
FF 12.0.0

I have encountered the same problem with both my default profile and a test profile I created for testing. The test profile is in its virgin state with no changes to the default settings.

My exact path to receive the error is:
tools > add-ons > plugins (in the add-ons manager window) > "Check to see if your plugins are up to date" (hyperlink)

This directs to https://www.mozilla.com/en/404 which is a web page titled "Mozilla Student Reps" which displays this error message:

Sorry
We couldn't find the page you're looking for

I hope the more detailed step-wise process along with the information that indicates that extensions and plugins are not part of the problem proves to be helpful in resolving this issue.
Comment 16 Scoobidiver (away) 2012-05-06 09:22:01 PDT
Thanks for you help but the problem is well understood (even if the primary cause is unknown) and will be fixed by bug 752232 during working days.
Comment 17 Jo Hermans 2012-05-06 09:46:05 PDT
*** Bug 752307 has been marked as a duplicate of this bug. ***
Comment 18 Matthias Versen [:Matti] 2012-05-06 09:54:37 PDT
*** Bug 752322 has been marked as a duplicate of this bug. ***
Comment 19 Matthias Versen [:Matti] 2012-05-06 10:03:25 PDT
*** Bug 752264 has been marked as a duplicate of this bug. ***
Comment 20 Jo Hermans 2012-05-06 12:30:38 PDT
*** Bug 752349 has been marked as a duplicate of this bug. ***
Comment 21 Jake Maul [:jakem] 2012-05-06 14:11:06 PDT
This should be fixed now.

As a related bug, what does it take to have this default URL changed in the Addons Manager to point to www.mozilla.org instead of .com? I mean, upstream in a future release. We should endeavor to save all users a redirect (and DNS lookups) here. Fewer steps is both faster and more reliable (fewer things in line that can break).
Comment 22 johnobjects 2012-05-06 14:33:06 PDT
thanks ... works good now
Comment 23 Wes Kocher (:KWierso) 2012-05-06 16:10:02 PDT
(In reply to Jake Maul [:jakem] from comment #21)
> As a related bug, what does it take to have this default URL changed in the
> Addons Manager to point to www.mozilla.org instead of .com? I mean, upstream
> in a future release. We should endeavor to save all users a redirect (and
> DNS lookups) here. Fewer steps is both faster and more reliable (fewer
> things in line that can break).

Change http://mxr.mozilla.org/mozilla-central/source/browser/app/profile/firefox.js#618 and you should be good to go.
Comment 24 Wes Kocher (:KWierso) 2012-05-06 17:25:16 PDT
Created attachment 621485 [details] [diff] [review]
s/com/org

Something like this.

Gavin, can you review this? It changes the plugin update URL from pointing at mozilla.com to mozilla.org, which cuts down a redirect for everyone clicking the "check for updates" link.
Comment 25 :Gavin Sharp [email: gavin@gavinsharp.com] 2012-05-06 19:15:17 PDT
Comment on attachment 621485 [details] [diff] [review]
s/com/org

This is probably not the right bug to be doing this in, but sure, this looks fine. I think there was another tracking bug on file to do all these switches across the board (we have a lot of in-product mozilla.com links that need to be updated).
Comment 26 Erik Blake 2012-05-07 00:48:03 PDT
(In reply to Scoobidiver from comment #16)
> Thanks for you help but the problem is well understood (even if the primary
> cause is unknown) and will be fixed by bug 752232 during working days.

There are two issues here.

(1) the landing page for 404 errors (see 752232)
(2) a typo in the plugins.update.url config (should be http://www.mozilla.com/%LOCALE%/plugincheck/, not https://www.mozilla.com/%LOCALE%/plugincheck/). It's getting a bit unclear as to which tracker is for which issue...
Comment 27 :Gavin Sharp [email: gavin@gavinsharp.com] 2012-05-07 17:04:58 PDT
(In reply to Erik Blake from comment #26)

> (2) a typo in the plugins.update.url config (should be
> http://www.mozilla.com/%LOCALE%/plugincheck/, not
> https://www.mozilla.com/%LOCALE%/plugincheck/). It's getting a bit unclear
> as to which tracker is for which issue...

Why do you think this is a typo? It makes sense to me that we'd use https wherever possible - prior to bug 752232 (and now that it is fixed), this works fine.
Comment 28 Scoobidiver (away) 2012-05-12 08:04:25 PDT
Can the patch land on m-c?
Comment 29 Wes Kocher (:KWierso) 2012-05-29 23:32:41 PDT
I just pushed this to inbound: 

https://hg.mozilla.org/integration/mozilla-inbound/rev/b613ac5ff64a
Comment 30 Ed Morley [:emorley] 2012-05-30 07:32:19 PDT
https://hg.mozilla.org/mozilla-central/rev/b613ac5ff64a

Note You need to log in before you can comment on or make changes to this bug.