Skip to content
This repository has been archived by the owner on Mar 25, 2024. It is now read-only.

[upstream/firefox-ios][hackerone] #1634597 - about:blank spoofing #2952

Closed
jumde opened this issue Oct 12, 2020 · 3 comments · Fixed by #2978
Closed

[upstream/firefox-ios][hackerone] #1634597 - about:blank spoofing #2952

jumde opened this issue Oct 12, 2020 · 3 comments · Fixed by #2978
Assignees
@jumde
Labels
bug Epic: Security priority/P3 The next thing for us to work on. QA Pass - iPad QA Pass - iPhone QA/Yes release-notes/include security
Milestone
1.23

Comments

@jumde
Copy link
Contributor

jumde commented Oct 12, 2020
edited by diracdeltas

https://bugzilla.mozilla.org/show_bug.cgi?id=1634597

hackerone report: https://hackerone.com/reports/860867
@jumde jumde added the security label Oct 12, 2020
@jumde jumde changed the title [upstream/firefox-ios] #1634597 [upstream/firefox-ios] #1634597 - address bar spoofing Oct 12, 2020
@iccub iccub mentioned this issue Oct 12, 2020
Closed
@diracdeltas diracdeltas added the priority/P2 A bad problem. We might uplift this to the next planned release. label Oct 14, 2020
@diracdeltas diracdeltas mentioned this issue Oct 14, 2020
Closed
@diracdeltas diracdeltas added priority/P3 The next thing for us to work on. and removed priority/P2 A bad problem. We might uplift this to the next planned release. labels Oct 14, 2020
@diracdeltas diracdeltas changed the title [upstream/firefox-ios] #1634597 - address bar spoofing [upstream/firefox-ios][hackerone] #1634597 - address bar spoofing Oct 14, 2020
@diracdeltas diracdeltas changed the title [upstream/firefox-ios][hackerone] #1634597 - address bar spoofing [upstream/firefox-ios][hackerone] #1634597 - about:blank spoofing Oct 14, 2020
This was referenced Oct 14, 2020
Closed
Merged
@jumde jumde added this to the 1.23 milestone Oct 19, 2020
@jumde jumde self-assigned this Oct 22, 2020
@kjozwiak
Copy link
Member

kjozwiak commented Feb 2, 2021

@jumde assuming we'll want to include this in the release notes as it fixed a security issue?

@jumde
Copy link
Contributor Author

jumde commented Feb 2, 2021

@kjozwiak - Updated 👍

@kjozwiak
Copy link
Member

kjozwiak commented Feb 3, 2021
edited

Verification PASSED as per https://github.com/brave/security/issues/244#issuecomment-772099890 using the following build:

1.23 (21.1.28.17)
  • iPad Air (3rd Gen) on iOS 14.3 - PASSED
  • iPad Mini 4 on iOS 13.7 - PASSED
  • iPhone 11 on iOS 14.4 - PASSED
  • iPhone 6+ on iOS 12.4.1 - PASSED

@kjozwiak kjozwiak mentioned this issue Feb 22, 2021
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jumde jumde

Labels
bug Epic: Security priority/P3 The next thing for us to work on. QA Pass - iPad QA Pass - iPhone QA/Yes release-notes/include security
Projects
None yet
Milestone
1.23
Development

Successfully merging a pull request may close this issue.

Fix 2952: Show about:blank for empty window.open brave/brave-ios
4 participants
@diracdeltas @jumde @kjozwiak @iccub