d5ecca7d59
* Fixed issues causing intermittent video playback problems on
some sites. (bmo#1928484, bmo#1928798)
- remove KDE integration patches
- mozilla-kde.patch
- firefox-kde.patch
on KDE use these settings instead
widget.use-xdg-desktop-portal.file-picker=1
widget.use-xdg-desktop-portal.mime-handler=1
(those are set by the latest branding package as well)
- Mozilla Firefox 132.0
https://www.mozilla.org/en-US/firefox/132.0/releasenotes
MFSA 2024-55 (bsc#1231879)
* CVE-2024-10458 (bmo#1921733)
Permission leak via embed or object elements
* CVE-2024-10459 (bmo#1919087)
Use-after-free in layout with accessibility
* CVE-2024-10460 (bmo#1912537)
Confusing display of origin for external protocol handler prompt
* CVE-2024-10461 (bmo#1914521)
XSS due to Content-Disposition being ignored in
multipart/x-mixed-replace response
* CVE-2024-10462 (bmo#1920423)
Origin of permission prompt could be spoofed by long URL
* CVE-2024-10463 (bmo#1920800)
Cross origin video frame leak
* CVE-2024-10468 (bmo#1914982)
Race conditions in IndexedDB
* CVE-2024-10464 (bmo#1913000)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1184
64 lines
2.5 KiB
Diff
64 lines
2.5 KiB
Diff
# HG changeset patch
|
|
# User Rob Krum <biggestsonicfan@gmail.com>
|
|
# Date 1695432215 25200
|
|
# Fri Sep 22 18:23:35 2023 -0700
|
|
# Node ID e6a8a9f0956d124e8de34eb4bcf09d8e17077d9d
|
|
# Parent 5dbbabbfaca21d2c5994f95ed095313284611c44
|
|
Bug 1822730 - Add basic blob protocol handling for blob URIs that contain parsable http/s protocols
|
|
|
|
diff --git a/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs b/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
|
|
--- a/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
|
|
+++ b/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
|
|
@@ -216,38 +216,49 @@ export class DownloadLastDir {
|
|
Services.prefs.setComplexValue(LAST_DIR_PREF, nsIFile, aFile);
|
|
} else if (Services.prefs.prefHasUserValue(LAST_DIR_PREF)) {
|
|
Services.prefs.clearUserPref(LAST_DIR_PREF);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Pre-processor to extract a domain name to be used with the content-prefs
|
|
- * service. This specially handles data and file URIs so that the download
|
|
- * dirs are recalled in a more consistent way:
|
|
+ * service. This specially handles data, file and blob URIs so that the
|
|
+ * download dirs are recalled in a more consistent way:
|
|
* - all file:/// URIs share the same folder
|
|
* - data: URIs share a folder per mime-type. If a mime-type is not
|
|
* specified text/plain is assumed.
|
|
* - blob: URIs share the same folder as their origin. This is done by
|
|
* ContentPrefs already, so we just let the url fall-through.
|
|
* In any other case the original URL is returned as a string and ContentPrefs
|
|
* will do its usual parsing.
|
|
*
|
|
* @param {string|nsIURI|URL} url The URL to parse
|
|
* @returns {string} the domain name to use, or the original url.
|
|
*/
|
|
#cpsGroupFromURL(url) {
|
|
if (typeof url == "string") {
|
|
+ if (url.startsWith("blob:http://") || url.startsWith("blob:https://")) {
|
|
+ url = url.replace("blob:", "");
|
|
+ }
|
|
url = new URL(url);
|
|
} else if (url instanceof Ci.nsIURI) {
|
|
url = URL.fromURI(url);
|
|
}
|
|
if (!URL.isInstance(url)) {
|
|
return url;
|
|
}
|
|
+ if (url.protocol == "blob:") {
|
|
+ if (
|
|
+ url.href.startsWith("blob:http://") ||
|
|
+ url.href.startsWith("blob:https://")
|
|
+ ) {
|
|
+ return url.href.replace("blob:", "");
|
|
+ }
|
|
+ }
|
|
if (url.protocol == "data:") {
|
|
return url.href.match(/^data:[^;,]*/i)[0].replace(/:$/, ":text/plain");
|
|
}
|
|
if (url.protocol == "file:") {
|
|
return "file:///";
|
|
}
|
|
return url.href;
|
|
}
|