forked from pool/MozillaFirefox
3eb8b737e4
https://www.mozilla.org/en-US/firefox/122.0/releasenotes/ MFSA 2024-01 (bsc#1218955) * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method * CVE-2024-0744 (bmo#1871089) Wild pointer dereference in JavaScript * CVE-2024-0745 (bmo#1871838) Stack buffer overflow in WebAudio * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set * CVE-2024-0748 (bmo#1783504) Compromised content process could modify document URI * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0752 (bmo#1866840) Use-after-free could occur when applying update on macOS * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0754 (bmo#1871605) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1128
64 lines
2.5 KiB
Diff
64 lines
2.5 KiB
Diff
# HG changeset patch
|
|
# User Rob Krum <biggestsonicfan@gmail.com>
|
|
# Date 1695432215 25200
|
|
# Fri Sep 22 18:23:35 2023 -0700
|
|
# Node ID e6a8a9f0956d124e8de34eb4bcf09d8e17077d9d
|
|
# Parent 5dbbabbfaca21d2c5994f95ed095313284611c44
|
|
Bug 1822730 - Add basic blob protocol handling for blob URIs that contain parsable http/s protocols
|
|
|
|
diff --git a/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs b/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
|
|
--- a/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
|
|
+++ b/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
|
|
@@ -216,38 +216,49 @@ export class DownloadLastDir {
|
|
Services.prefs.setComplexValue(LAST_DIR_PREF, nsIFile, aFile);
|
|
} else if (Services.prefs.prefHasUserValue(LAST_DIR_PREF)) {
|
|
Services.prefs.clearUserPref(LAST_DIR_PREF);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Pre-processor to extract a domain name to be used with the content-prefs
|
|
- * service. This specially handles data and file URIs so that the download
|
|
- * dirs are recalled in a more consistent way:
|
|
+ * service. This specially handles data, file and blob URIs so that the
|
|
+ * download dirs are recalled in a more consistent way:
|
|
* - all file:/// URIs share the same folder
|
|
* - data: URIs share a folder per mime-type. If a mime-type is not
|
|
* specified text/plain is assumed.
|
|
* - blob: URIs share the same folder as their origin. This is done by
|
|
* ContentPrefs already, so we just let the url fall-through.
|
|
* In any other case the original URL is returned as a string and ContentPrefs
|
|
* will do its usual parsing.
|
|
*
|
|
* @param {string|nsIURI|URL} url The URL to parse
|
|
* @returns {string} the domain name to use, or the original url.
|
|
*/
|
|
#cpsGroupFromURL(url) {
|
|
if (typeof url == "string") {
|
|
+ if (url.startsWith("blob:http://") || url.startsWith("blob:https://")) {
|
|
+ url = url.replace("blob:", "");
|
|
+ }
|
|
url = new URL(url);
|
|
} else if (url instanceof Ci.nsIURI) {
|
|
url = URL.fromURI(url);
|
|
}
|
|
if (!URL.isInstance(url)) {
|
|
return url;
|
|
}
|
|
+ if (url.protocol == "blob:") {
|
|
+ if (
|
|
+ url.href.startsWith("blob:http://") ||
|
|
+ url.href.startsWith("blob:https://")
|
|
+ ) {
|
|
+ return url.href.replace("blob:", "");
|
|
+ }
|
|
+ }
|
|
if (url.protocol == "data:") {
|
|
return url.href.match(/^data:[^;,]*/i)[0].replace(/:$/, ":text/plain");
|
|
}
|
|
if (url.protocol == "file:") {
|
|
return "file:///";
|
|
}
|
|
return url.href;
|
|
}
|