1
0
MozillaFirefox/mozilla-bmo1822730.patch
Wolfgang Rosenauer 3eb8b737e4 - Mozilla Firefox 122.0
https://www.mozilla.org/en-US/firefox/122.0/releasenotes/
  MFSA 2024-01 (bsc#1218955)
  * CVE-2024-0741 (bmo#1864587)
    Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152)
    Failure to update user input timestamp
  * CVE-2024-0743 (bmo#1867408)
    Crash in NSS TLS method
  * CVE-2024-0744 (bmo#1871089)
    Wild pointer dereference in JavaScript
  * CVE-2024-0745 (bmo#1871838)
    Stack buffer overflow in WebAudio
  * CVE-2024-0746 (bmo#1660223)
    Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343)
    Bypass of Content Security Policy when directive unsafe-inline was set
  * CVE-2024-0748 (bmo#1783504)
    Compromised content process could modify document URI
  * CVE-2024-0749 (bmo#1813463)
    Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083)
    Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689)
    Privilege escalation through devtools
  * CVE-2024-0752 (bmo#1866840)
    Use-after-free could occur when applying update on macOS
  * CVE-2024-0753 (bmo#1870262)
    HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0754 (bmo#1871605)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1128
2024-01-25 11:10:30 +00:00

64 lines
2.5 KiB
Diff

# HG changeset patch
# User Rob Krum <biggestsonicfan@gmail.com>
# Date 1695432215 25200
# Fri Sep 22 18:23:35 2023 -0700
# Node ID e6a8a9f0956d124e8de34eb4bcf09d8e17077d9d
# Parent 5dbbabbfaca21d2c5994f95ed095313284611c44
Bug 1822730 - Add basic blob protocol handling for blob URIs that contain parsable http/s protocols
diff --git a/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs b/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
--- a/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
+++ b/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
@@ -216,38 +216,49 @@ export class DownloadLastDir {
Services.prefs.setComplexValue(LAST_DIR_PREF, nsIFile, aFile);
} else if (Services.prefs.prefHasUserValue(LAST_DIR_PREF)) {
Services.prefs.clearUserPref(LAST_DIR_PREF);
}
}
/**
* Pre-processor to extract a domain name to be used with the content-prefs
- * service. This specially handles data and file URIs so that the download
- * dirs are recalled in a more consistent way:
+ * service. This specially handles data, file and blob URIs so that the
+ * download dirs are recalled in a more consistent way:
* - all file:/// URIs share the same folder
* - data: URIs share a folder per mime-type. If a mime-type is not
* specified text/plain is assumed.
* - blob: URIs share the same folder as their origin. This is done by
* ContentPrefs already, so we just let the url fall-through.
* In any other case the original URL is returned as a string and ContentPrefs
* will do its usual parsing.
*
* @param {string|nsIURI|URL} url The URL to parse
* @returns {string} the domain name to use, or the original url.
*/
#cpsGroupFromURL(url) {
if (typeof url == "string") {
+ if (url.startsWith("blob:http://") || url.startsWith("blob:https://")) {
+ url = url.replace("blob:", "");
+ }
url = new URL(url);
} else if (url instanceof Ci.nsIURI) {
url = URL.fromURI(url);
}
if (!URL.isInstance(url)) {
return url;
}
+ if (url.protocol == "blob:") {
+ if (
+ url.href.startsWith("blob:http://") ||
+ url.href.startsWith("blob:https://")
+ ) {
+ return url.href.replace("blob:", "");
+ }
+ }
if (url.protocol == "data:") {
return url.href.match(/^data:[^;,]*/i)[0].replace(/:$/, ":text/plain");
}
if (url.protocol == "file:") {
return "file:///";
}
return url.href;
}