Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#27459 closed defect (fixed)

Backport bug 1479311 for Tor Browser for Android?

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile, TorBrowserTeam201809R
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor8


I guess we should think about backporting the patch for bug 1479311 which fixes an address bar spoofing vulnerability. The fix is pretty small and should not cause any regressions:

-        if (index == -1) {
+        if (index == -1 || url.startsWith("javascript:")) {

Child Tickets

Change History (4)

comment:1 Changed 2 years ago by sysrqb

I have a branch for review in my user repo: 27459. I can reproduce this bug without the patch using the POC link provided in the upstream bug:

Cherry-picked from

I haven't tested the patch yet, still building.

comment:2 Changed 2 years ago by sysrqb

Status: newneeds_review

Okay, looks good.

comment:3 Changed 2 years ago by gk

Keywords: TorBrowserTeam201809R added; TorBrowserTeam201809 removed
Resolution: fixed
Status: needs_reviewclosed

Cherry-picked to tor-browser-60.2.0esr-8.5-1 (commit 4b66110d0704227ee7e90b7adb092da2d3bf0ac5), thanks.

comment:4 Changed 2 years ago by pili

Sponsor: Sponsor8
Note: See TracTickets for help on using tickets.