Created attachment 791788 [details] logcat_except_gecko.txt User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release) Build ID: 20130803215302 Steps to reproduce: Searched websites with "startpage (SSL)" add-on installed. Clicked on any search result. Actual results: Logcat shows security exceptions with every website loading. Expected results: On the surface everything works as expected. I just worry about the exceptions.
Do you see these when you disable "Startpage (SSL)" ?
Hi Aaron! I disabled every add-on and the culprit is "adblock plus". How can I provide further information? Should I contact the developer of "adblock plus"? Greetz Martin
It is suggested to file a bug-report over at https://adblockplus.org/forum/viewforum.php?f=11; if the case be that it's an issue on our end discovered in comment, I would imagine we could re-open this.
I had filed this previously ... sounds like a dup and we should close that too https://bugzilla.mozilla.org/show_bug.cgi?id=901939
(In reply to Aaron Train [:aaronmt] from comment #3) > It is suggested to file a bug-report over at > https://adblockplus.org/forum/viewforum.php?f=11; I disagree - this isn't an Adblock Plus bug. Adblock Plus has been signed correctly but that's not really the point. The problem here is rather that Firefox shouldn't attempt to validate the signature when displaying the extension icon. For reference, the corresponding bug in the desktop Firefox version is bug 726125 which has been resolved a while ago. Note that my comment is based on the description from bug 901939 which has been resolved as a duplicate of this one - there isn't much of a description here.
Created attachment 820696 [details] [diff] [review] bug906402 (v0) If you're saying that we can assume extension icons are trusted sources, we can bypass the security check done in Java and provide a working patch for consideration this way.
Comment on attachment 820696 [details] [diff] [review] bug906402 (v0) Ping mfinkle for feedback, not sure who to check with otherwise
Created attachment 821632 [details] [diff] [review] bug906402 (v1) new version tightens it up a bit
Comment on attachment 821632 [details] [diff] [review] bug906402 (v1) >+ // Addons, extensions, etc Let's make the comment a bit more descriptive: // Don't attempt to validate the JAR signature when loading an add-on icon
TRY is nice and green: https://tbpl.mozilla.org/?tree=Try&rev=83e7ed66547f
And on we go https://hg.mozilla.org/integration/fx-team/rev/06e480dedcb0 Adblock plus icons for everyone