Closed
Bug 1348644
Opened 7 years ago
Closed 7 years ago
Copied part of URL suggestions in awesomebar that contain both '?' and '&' is just symbols (U+E5E5)
Categories
(Firefox :: Address Bar, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1346140
| Tracking | Status | |
|---|---|---|
| firefox-esr45 | --- | unaffected |
| firefox52 | --- | wontfix |
| firefox-esr52 | - | wontfix |
| firefox53 | --- | unaffected |
| firefox54 | --- | unaffected |
| firefox55 | --- | unaffected |
People
(Reporter: rick3162, Unassigned)
References
Details
(Keywords: csectype-uaf, regression, sec-high, Whiteboard: [regressed by Bug 1330593])
Attachments
(1 file)
|
(deleted),
video/x-ms-wmv
|
Details |
To reproduce: in a clean FF52 stable profile: - open https://forums.informaction.com/ - click 'NoScript Development' subforum link (in my case it was: https://forums.informaction.com/viewforum.php?f=10&sid=63659c6b69f4b5d56e09bdbd19915a5f) - open new tab, and close the above link and all others. - type 'dev' in awesomebar: the above link will be displayed as a suggestion - press the Down key to select/highlight the suggestion and press Home: the suggestion will now appear inserted in awesomebar and the cursor will be on the left/start of it - now copy the part 'https://forums.informaction.com' via mouse - here is what the copied text is: I also attach a video capture. PS. I haven't manage to recreate this with other URLs.
Status: UNCONFIRMED → NEW
Has Regression Range: --- → no
Has STR: --- → yes
Ever confirmed: true
Keywords: regression,
regressionwindow-wanted
OS: Unspecified → Windows 10
Hardware: Unspecified → x86
Summary: Copied part of a specific URL suggestion in awesomebar is just symbols → Copied part of a specific URL suggestion in awesomebar is just symbols (U+E5E5)
Version: unspecified → 52 Branch
status-firefox52:
--- → affected
status-firefox53:
--- → ?
status-firefox54:
--- → ?
status-firefox55:
--- → ?
status-firefox-esr45:
--- → unaffected
status-firefox-esr52:
--- → affected
I tried to find the regression range but (as I describe in bug 1348867) I'm getting a 404 in the 6th step. Anyway, the final pushlog_url is https://hg.mozilla.org/releases/mozilla-release/pushloghtml?fromchange=1f0fc9316e65cd171b03d4382b4c0f7443a258dc&tochange=d75a1dba431fd3e3e44cb06ce7f545f1a358948a but displays way too many pushed changesets (all on 3/27) to be of use. Also, (thanks to therube) I quote from http://forums.mozillazine.org/viewtopic.php?p=14738701#p14738701 a precise description of the issue: > More likely a combination of "?" & "&" in the URL. > > So... type "&" into the urlbar > Search through the dropdown for a URL that also includes "?" > > Play around with that URL & most likely you'll duplicate the issue. > > Heh, even your "bad" URL works: > https://hg.mozilla.org/integration/autoland/json-pushes?changset=d75a1dba431fd3e3e44cb06ce7f545f1a358948a&full=1
Summary: Copied part of a specific URL suggestion in awesomebar is just symbols (U+E5E5) → Copied part of URL suggestions in awesomebar that contain both '?' and '&' is just symbols (U+E5E5)
|
||
Comment 2•7 years ago
|
||
[Tracking Requested - why for this release]: Broken UX cut & paste This seems fixed by Bug 1328025 in 53.
tracking-firefox-esr52:
--- → ?
Depends on: 1328025
|
|
||
Comment 3•7 years ago
|
||
Regression window: https://hg.mozilla.org/releases/mozilla-beta/pushloghtml?fromchange=e293c1aa1c10d38b271b48742650d97a4ee5061e&tochange=93b639dcd0c2c6231932bdd8279dc858f6596bf6 Via local build, Last Good: ec8f0f613a8c First Bad: 93b639dcd0c2 Regressed by: 93b639dcd0c2 Jan de Mooij — Bug 1330593 part 1 - Allow non-flat external strings. r=jwalden, r=bz, a=jcristau And fixed by Bug 1328025 in 53. :mats, If the risk of bug 1328025 is low, I think it is worth uplifting to ESR 52.
Flags: needinfo?(mats)
Flags: needinfo?(jdemooij)
Keywords: regressionwindow-wanted
Whiteboard: [regressed by Bug 1330593]
|
||
Comment 4•7 years ago
|
||
Let's lock this bug for now. It's likely a duplicate of bug 1346140, I'll land that tomorrow. Bug 1328025 is not the right fix for this that we should uplift. It probably just happens to hide the problem.
Group: firefox-core-security
Flags: needinfo?(mats)
|
|
||
Updated•7 years ago
|
|
||
Updated•7 years ago
|
Blocks: 1330593
Keywords: csectype-uaf,
sec-high
|
|
||
Comment 5•7 years ago
|
||
Alice, can you confirm this is fixed now on Nightly? I can't reproduce the problem with the STR in comment 0.
Flags: needinfo?(alice0775)
|
|
||
Comment 6•7 years ago
|
||
(In reply to Jan de Mooij [:jandem] from comment #5) > Alice, can you confirm this is fixed now on Nightly? I can't reproduce the > problem with the STR in comment 0. Bug 1328025 hides the problem on 53+ as you describe in comment#4. So, I cannot confirm the root cause is fixed or not. Anyway, I cannot reproduce the problem on Nightly(2017-03-24). Though, I can reproduce this on Firefox52.0.1.
Flags: needinfo?(alice0775)
|
|
||
Comment 7•7 years ago
|
||
In addition to the comment #6, I manually back Bug 1328025 out from Nightly(2017-03-22). And I can reproduce the problem. And I manually back Bug 1328025 out from Nightly(2017-03-24). And I can verify that the problem is no longer reproduce. So, the root cause seems to have been fixed between 2017-03-22 and 2017-03-24.
|
|
||
Comment 8•7 years ago
|
||
(In reply to Alice0775 White from comment #7) > So, the root cause seems to have been fixed between 2017-03-22 and 2017-03-24. Thanks a lot for checking this! Bug 1346140 landed in that range so let's mark this as duplicate.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
|
||
Updated•7 years ago
|
|
|
||
Updated•4 years ago
|
Group: firefox-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•