#27459 closed defect (fixed)
Backport bug 1479311 for Tor Browser for Android?
Reported by: | gk | Owned by: | tbb-team |
---|---|---|---|
Priority: | Medium | Milestone: | |
Component: | Applications/Tor Browser | Version: | |
Severity: | Normal | Keywords: | tbb-mobile, TorBrowserTeam201809R |
Cc: | | Actual Points: | |
Parent ID: | | Points: | |
Reviewer: | | Sponsor: | Sponsor8 |
Description
I guess we should think about backporting the patch for bug 1479311 which fixes an address bar spoofing vulnerability. The fix is pretty small and should not cause any regressions:
- if (index == -1) { + if (index == -1 || url.startsWith("javascript:")) {
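Review bot: The added `url.startsWith("javascript:")` test in the new condition is a case-sensitive, exact-prefix comparison, while URL schemes are case-insensitive. Unless `url` is already trimmed and lowercased before it reaches this line, the check should run against a normalized copy or the parsed scheme. A one-line comment stating why `javascript:` URLs take the same branch as `index == -1` would also help, since the hunk itself carries no rationale.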
Change History (4)
comment:1 Changed 15 months ago by
comment:3 Changed 15 months ago by
Keywords: | TorBrowserTeam201809R added; TorBrowserTeam201809 removed |
---|---|
Resolution: | → fixed |
Status: | needs_review → closed |
Cherry-picked to tor-browser-60.2.0esr-8.5-1 (commit 4b66110d0704227ee7e90b7adb092da2d3bf0ac5), thanks.
comment:4 Changed 14 months ago by
Sponsor: | → Sponsor8 |
---|
I have a branch for review in my user repo: 27459. I can reproduce this bug without the patch using the POC link provided in the upstream bug: https://www.alternativ-testing.fr/Research/Google%20Chrome/ATVR-09-2017_g6k2d7l0f8s3/testcase-addressbar-spoofing-version1.php
Cherry-picked from https://github.com/mozilla/gecko-dev/commit/7b902db1b5c30458243340ee7f264bf118b323d2.patch
I haven't tested the patch yet, still building.