authorMark H Weaver <mhw@netris.org>2024-11-28 13:01:11 -0500
committerMark H Weaver <mhw@netris.org>2024-11-28 13:01:25 -0500
commitdc99e15355412bc9b11b34d3fe5729bed1c251de (patch)
tree653e947f501463f5f6c14cbae6dbb6490083be8d
parentc85854d2f1eb4ec59a1e1c12a1ba0ba4ae29a557 (diff)
Revert "Fix CVE-2024-11695."v115.18.0-gnu2
This reverts commit 306c589a92599638c843d32beaa4119961330d6c.
-rw-r--r--data/patches/CVE-2024-11695.patch91
1 files changed, 0 insertions, 91 deletions
diff --git a/data/patches/CVE-2024-11695.patch b/data/patches/CVE-2024-11695.patch
deleted file mode 100644
index aef984e..0000000
--- a/data/patches/CVE-2024-11695.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-Fixes CVE-2024-11695 (URL Bar Spoofing via Manipulated Punycode and Whitespace Characters)
-Based on <https://hg.mozilla.org/releases/mozilla-esr128/rev/e6099586845f23c0f85fe29a636980e57d206897>
-Adapted to ESR 115 by Mark H Weaver <mhw@netris.org>
-
-# HG changeset patch
-# User Marco Bonardo <mbonardo@mozilla.com>
-# Date 1731417582 0
-# Node ID e6099586845f23c0f85fe29a636980e57d206897
-# Parent 3b50417aca257bfb30f3277f915fc400aa83c7c7
-Bug 1925496. a=dmeehan
-
-Original Revision: https://phabricator.services.mozilla.com/D228315
-
-Differential Revision: https://phabricator.services.mozilla.com/D228568
-
-diff --git a/browser/components/urlbar/UrlbarInput.sys.mjs b/browser/components/urlbar/UrlbarInput.sys.mjs
---- a/browser/components/urlbar/UrlbarInput.sys.mjs
-+++ b/browser/components/urlbar/UrlbarInput.sys.mjs
-@@ -4001,22 +4001,23 @@ function losslessDecodeURI(aURI) {
- // U+2028-2029: line and paragraph separators
- // U+2800: braille empty pattern
- // U+FFFC: object replacement character
- // Encode any trailing whitespace that may be part of a pasted URL, so that it
- // doesn't get eaten away by the location bar (bug 410726).
- // Encode all adjacent space chars (U+0020), to prevent spoofing attempts
- // where they would push part of the URL to overflow the location bar
- // (bug 1395508). A single space, or the last space if the are many, is
-- // preserved to maintain readability of certain urls. We only do this for the
-- // common space, because others may be eaten when copied to the clipboard, so
-- // it's safer to preserve them encoded.
-+ // preserved to maintain readability of certain urls if it's not followed by a
-+ // control or separator character. We only do this for the common space,
-+ // because others may be eaten when copied to the clipboard,so it's safer to
-+ // preserve them encoded.
- value = value.replace(
- // eslint-disable-next-line no-control-regex
-- /[\u0000-\u001f\u007f-\u00a0\u1680\u2000-\u200a\u2028\u2029\u202f\u205f\u2800\u3000\ufffc]|[\r\n\t]|\u0020(?=\u0020)|\s$/g,
-+ /[[\p{Separator}--\u0020]\p{Control}\u2800\ufffc]|\u0020(?=[\p{Other}\p{Separator}])|\s$/gv,
- encodeURIComponent
- );
-
- // Encode characters that are ignorable, can't be rendered usefully, or may
- // confuse users.
- //
- // Default ignorable characters; ZWNJ (U+200C) and ZWJ (U+200D) are excluded
- // per bug 582186:
-@@ -4028,19 +4029,20 @@ function losslessDecodeURI(aURI) {
- // U+061C, U+200E, U+200F, U+202A-202E, U+2066-2069
- // Other format characters in the Cf category that are unlikely to be rendered
- // usefully:
- // U+0600-0605, U+08E2, U+110BD (U+D804 + U+DCBD),
- // U+110CD (U+D804 + U+DCCD), U+13430-13438 (U+D80D + U+DC30-DC38),
- // U+1BCA0-1BCA3 (U+D82F + U+DCA0-DCA3)
- // Mimicking UI parts:
- // U+1F50F-1F513 (U+D83D + U+DD0F-DD13), U+1F6E1 (U+D83D + U+DEE1)
-+ // Unassigned codepoints, sometimes shown as empty glyphs.
- value = value.replace(
- // eslint-disable-next-line no-misleading-character-class
-- /[\u00ad\u034f\u061c\u06dd\u070f\u115f\u1160\u17b4\u17b5\u180b-\u180e\u200b\u200e\u200f\u202a-\u202e\u2060-\u206f\u3164\u0600-\u0605\u08e2\ufe00-\ufe0f\ufeff\uffa0\ufff0-\ufffb]|\ud804[\udcbd\udccd]|\ud80d[\udc30-\udc38]|\ud82f[\udca0-\udca3]|\ud834[\udd73-\udd7a]|[\udb40-\udb43][\udc00-\udfff]|\ud83d[\udd0f-\udd13\udee1]/g,
-+ /[\u00ad\u034f\u061c\u06dd\u070f\u115f\u1160\u17b4\u17b5\u180b-\u180e\u200b\u200e\u200f\u202a-\u202e\u2060-\u206f\u3164\u0600-\u0605\u08e2\ufe00-\ufe0f\ufeff\uffa0\ufff0-\ufffb\p{Unassigned}\p{Private_Use}]|\ud804[\udcbd\udccd]|\ud80d[\udc30-\udc38]|\ud82f[\udca0-\udca3]|\ud834[\udd73-\udd7a]|[\udb40-\udb43][\udc00-\udfff]|\ud83d[\udd0f-\udd13\udee1]/gv,
- encodeURIComponent
- );
- return value;
- }
-
- /**
- * Handles copy and cut commands for the urlbar.
- */
-diff --git a/browser/components/urlbar/tests/browser/browser_copying.js b/browser/components/urlbar/tests/browser/browser_copying.js
---- a/browser/components/urlbar/tests/browser/browser_copying.js
-+++ b/browser/components/urlbar/tests/browser/browser_copying.js
-@@ -247,17 +247,17 @@ var tests = [
- },
- {
- loadURL: "http://example.com/a%E3%80%80test",
- expectedURL: "example.com/a%E3%80%80test",
- copyExpected: "http://example.com/a%E3%80%80test",
- },
- {
- loadURL: "http://example.com/a%20%C2%A0test",
-- expectedURL: "example.com/a %C2%A0test",
-+ expectedURL: "example.com/a%20%C2%A0test",
- copyExpected: "http://example.com/a%20%C2%A0test",
- },
- {
- loadURL: "http://example.com/%20%20%20",
- expectedURL: "example.com/%20%20%20",
- copyExpected: "http://example.com/%20%20%20",
- },
- {
-