Last Comment Bug 788259 - Plugin check pref set to mozilla.com instead of mozilla.org causing a useless redirect and making it vulnerable to improper redirects in mozilla.com
: Plugin check pref set to mozilla.com instead of mozilla.org causing a useless...
Status: RESOLVED FIXED
:
Product: Thunderbird
Classification: Client Software
Component: General (show other bugs)
: Trunk
: All All
: -- normal (vote)
: Thunderbird 18.0
Assigned To: :aceman
:
:
Mentors:
Depends on: 752161 752232
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-04 13:22 PDT by Mark Banner (:standard8)
Modified: 2012-09-18 18:26 PDT (History)
5 users (show)
ryanvm: in‑testsuite-
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
patch (5.50 KB, patch)
2012-09-12 11:13 PDT, :aceman
standard8: review+
Details | Diff | Splinter Review

Description Mark Banner (:standard8) 2012-09-04 13:22:59 PDT
+++ This bug was initially created as a clone of Bug #752161 +++

When I click the addon manager's link to the plugin check website, I end up at https://www.mozilla.com/en/404 (which for whatever reason is using the Student Reps theme).

That seems wrong.


The link from about:plugins works, for whatever that's worth.

I'm using the latest Nightly build as of mid-day Friday.

In about:config, "plugins.update.url" is set to the default "https://www.mozilla.com/%LOCALE%/plugincheck/". (Which, when I replace %LOCALE% with "en-US", leads me to that same 404 error page.)
Comment 1 :aceman 2012-09-04 23:24:21 PDT
The https://www.mozilla.com/en-US/plugincheck/ link does work for me (from Firefox and Tb's plugin check) and redirects to https://www.mozilla.org/en-US/plugincheck/ .
Comment 2 :aceman 2012-09-05 04:59:04 PDT
Is this the same as SM bug 787903?
Could the pref be merged into mailnews.js ?
Comment 3 Philip Chee 2012-09-05 22:32:25 PDT
> The https://www.mozilla.com/en-US/plugincheck/ link does work for me (from Firefox and
> Tb's plugin check) and redirects to https://www.mozilla.org/en-US/plugincheck/ .
The server side redirect has been fixed. This bug is about the client.

> Could the pref be merged into mailnews.js ?
I think we may want to keep these separate.
Comment 4 Mark Banner (:standard8) 2012-09-05 23:27:40 PDT
Keep them separate, but switch to https as that's better for the user as it gives a bit more security against mitm attacks.
Comment 5 :aceman 2012-09-12 11:13:32 PDT
Created attachment 660523 [details] [diff] [review]
patch
Comment 6 Mark Banner (:standard8) 2012-09-18 01:47:05 PDT
Comment on attachment 660523 [details] [diff] [review]
patch

Looks great, thanks.
Comment 7 :aceman 2012-09-18 01:56:33 PDT
I have tested that all the changed links (outside of plugincheck) do work.
Comment 8 Ryan VanderMeulen [:RyanVM] 2012-09-18 18:26:22 PDT
https://hg.mozilla.org/comm-central/rev/7f81f3623731

Note You need to log in before you can comment on or make changes to this bug.