Plugin check pref set to mozilla.com instead of mozilla.org causing a useless redirect and making it vulnerable to improper redirects in mozilla.com

RESOLVED FIXED in Thunderbird 18.0

Status

Thunderbird
General
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: standard8, Assigned: aceman)

Tracking

Trunk
Thunderbird 18.0
Dependency tree / graph
Bug Flags:
in-testsuite -

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

+++ This bug was initially created as a clone of Bug #752161 +++

When I click the addon manager's link to the plugin check website, I end up at https://www.mozilla.com/en/404 (which for whatever reason is using the Student Reps theme).

That seems wrong.


The link from about:plugins works, for whatever that's worth.

I'm using the latest Nightly build as of mid-day Friday.

In about:config, "plugins.update.url" is set to the default "https://www.mozilla.com/%LOCALE%/plugincheck/". (Which, when I replace %LOCALE% with "en-US", leads me to that same 404 error page.)
(Assignee)

Comment 1

5 years ago
The https://www.mozilla.com/en-US/plugincheck/ link does work for me (from Firefox and Tb's plugin check) and redirects to https://www.mozilla.org/en-US/plugincheck/ .
(Assignee)

Comment 2

5 years ago
Is this the same as SM bug 787903?
Could the pref be merged into mailnews.js ?

Comment 3

5 years ago
> The https://www.mozilla.com/en-US/plugincheck/ link does work for me (from Firefox and
> Tb's plugin check) and redirects to https://www.mozilla.org/en-US/plugincheck/ .
The server side redirect has been fixed. This bug is about the client.

> Could the pref be merged into mailnews.js ?
I think we may want to keep these separate.
Keep them separate, but switch to https as that's better for the user as it gives a bit more security against mitm attacks.
(Assignee)

Comment 5

5 years ago
Created attachment 660523 [details] [diff] [review]
patch
Assignee: nobody → acelists
Status: NEW → ASSIGNED
Attachment #660523 - Flags: review?(mbanner)
Comment on attachment 660523 [details] [diff] [review]
patch

Looks great, thanks.
Attachment #660523 - Flags: review?(mbanner) → review+
(Assignee)

Comment 7

5 years ago
I have tested that all the changed links (outside of plugincheck) do work.
Keywords: checkin-needed
https://hg.mozilla.org/comm-central/rev/7f81f3623731
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Flags: in-testsuite-
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 18.0
You need to log in before you can comment on or make changes to this bug.