#27459 closed defect (fixed)
Backport bug 1479311 for Tor Browser for Android?
| Reported by: | gk | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | tbb-mobile, TorBrowserTeam201809R |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: | Sponsor8 |
Description
I guess we should think about backporting the patch for bug 1479311 which fixes an address bar spoofing vulnerability. The fix is pretty small and should not cause any regressions:
- if (index == -1) {
+ if (index == -1 || url.startsWith("javascript:")) {
Child Tickets
Change History (4)
comment:1 Changed 2 years ago by
comment:3 Changed 2 years ago by
| Keywords: | TorBrowserTeam201809R added; TorBrowserTeam201809 removed |
|---|---|
| Resolution: | → fixed |
| Status: | needs_review → closed |
Cherry-picked to tor-browser-60.2.0esr-8.5-1 (commit 4b66110d0704227ee7e90b7adb092da2d3bf0ac5), thanks.
comment:4 Changed 2 years ago by
| Sponsor: | → Sponsor8 |
|---|
Note: See
TracTickets for help on using
tickets.
I have a branch for review in my user repo:
27459. I can reproduce this bug without the patch using the POC link provided in the upstream bug: https://www.alternativ-testing.fr/Research/Google%20Chrome/ATVR-09-2017_g6k2d7l0f8s3/testcase-addressbar-spoofing-version1.phpCherry-picked from https://github.com/mozilla/gecko-dev/commit/7b902db1b5c30458243340ee7f264bf118b323d2.patch
I haven't tested the patch yet, still building.