Opened 13 months ago

Closed 13 months ago

Last modified 11 months ago

#27459 closed defect (fixed)

Backport bug 1479311 for Tor Browser for Android?

Reported by: gk | Owned by: tbb-team
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: tbb-mobile, TorBrowserTeam201809R
Cc: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: Sponsor8

Description

I guess we should think about backporting the patch for bug 1479311 which fixes an address bar spoofing vulnerability. The fix is pretty small and should not cause any regressions:

-        if (index == -1) {
+        if (index == -1 || url.startsWith("javascript:")) {
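
Review bot: the `url.startsWith("javascript:")` test in the new condition is case-sensitive and only matches at offset 0, so it depends on `url` already being trimmed and lower-cased before it reaches this line. If the caller does not guarantee that, the check should compare against a normalized scheme instead of the raw string. A one-line comment explaining why `javascript:` URLs take the same branch as `index == -1` would also help, since the condition alone does not say.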

Change History (4)

comment:1 Changed 13 months ago by sysrqb

I have a branch for review in my user repo: 27459. I can reproduce this bug without the patch using the POC link provided in the upstream bug: https://www.alternativ-testing.fr/Research/Google%20Chrome/ATVR-09-2017_g6k2d7l0f8s3/testcase-addressbar-spoofing-version1.php

Cherry-picked from https://github.com/mozilla/gecko-dev/commit/7b902db1b5c30458243340ee7f264bf118b323d2.patch

I haven't tested the patch yet, still building.

comment:2 Changed 13 months ago by sysrqb

Status: new → needs_review

Okay, looks good.

comment:3 Changed 13 months ago by gk

Keywords: TorBrowserTeam201809R added; TorBrowserTeam201809 removed
Resolution: fixed
Status: needs_review → closed

Cherry-picked to tor-browser-60.2.0esr-8.5-1 (commit 4b66110d0704227ee7e90b7adb092da2d3bf0ac5), thanks.

comment:4 Changed 11 months ago by pili

Sponsor: Sponsor8