| author | Masatoshi Kimura <VYV03354@nifty.ne.jp> |
| Sat, 19 Nov 2016 13:45:46 +0900 | |
| changeset 341297 | 9b67e1ce3c8099bc77cab0f2fd8d069c88cb1532 |
| parent 341296 | 7038e10280b2905704687ea6d74020c6c437e114 |
| child 341298 | 9fad6f3a8b036f2f42394c7acfee9060dca77054 |
| push id | 86684 |
| push user | cbook@mozilla.com |
| push date | Wed, 08 Feb 2017 10:31:03 +0000 |
| treeherder | mozilla-inbound@c5b88e4e70f4 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | Dolske |
| bugs | 1321778 |
| milestone | 54.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/browser/base/content/aboutNetError.xhtml +++ b/browser/base/content/aboutNetError.xhtml @@ -72,22 +72,16 @@ } catch (e) { // We probably tried to reload a URI that caused an exception to // occur; e.g. a nonexistent file. } buttonEl.disabled = true; } - function doOverride(buttonEl) { - var event = new CustomEvent("AboutNetErrorOverride", {bubbles:true}); - document.dispatchEvent(event); - retryThis(buttonEl); - } - function toggleDisplay(node) { const toggle = { "": "block", "none": "block", "block": "none" }; return (node.style.display = toggle[node.style.display]); } @@ -102,20 +96,19 @@ panel.style.display = "block"; document.getElementById("netErrorButtonContainer").style.display = "none"; document.getElementById("prefResetButton").addEventListener("click", function resetPreferences(e) { const event = new CustomEvent("AboutNetErrorResetPreferences", {bubbles:true}); document.dispatchEvent(event); }); } - function setupAdvancedButton(allowOverride) { + function setupAdvancedButton() { // Get the hostname and add it to the panel - var panelId = gIsCertError ? "badCertAdvancedPanel" : "weakCryptoAdvancedPanel"; - var panel = document.getElementById(panelId); + var panel = document.getElementById("badCertAdvancedPanel"); for (var span of panel.querySelectorAll("span.hostname")) { span.textContent = document.location.hostname; } if (!gIsCertError) { panel.replaceChild(document.getElementById("errorLongDesc"), document.getElementById("advancedLongDesc")); } @@ -133,22 +126,16 @@ if (panel.style.display == "block") { // send event to trigger telemetry ping var event = new CustomEvent("AboutNetErrorUIExpanded", {bubbles:true}); document.dispatchEvent(event); } }); - if (allowOverride) { - document.getElementById("overrideWeakCryptoPanel").style.display = "flex"; - var overrideLink = document.getElementById("overrideWeakCrypto"); - overrideLink.addEventListener("click", () => doOverride(overrideLink)); - } - if (!gIsCertError) { return; } if (getCSSClass() == "expertBadCert") { toggleDisplay(document.getElementById("badCertAdvancedPanel")); // Toggling the advanced panel must ensure that the debugging // information panel is hidden as well, since it's opened by the @@ -221,20 +208,16 @@ if (err == "sslv3Used") { document.getElementById("learnMoreContainer").style.display = "block"; let learnMoreLink = document.getElementById("learnMoreLink"); learnMoreLink.href = "https://support.mozilla.org/kb/how-resolve-sslv3-error-messages-firefox"; document.body.className = "certerror"; } - if (err == "weakCryptoUsed") { - document.body.className = "certerror"; - } - // remove undisplayed errors to avoid bug 39098 var errContainer = document.getElementById("errorContainer"); errContainer.remove(); var className = getCSSClass(); if (className && className != "expertBadCert") { // Associate a CSS class with the root of the page, if one was passed in, // to allow custom styling. @@ -260,27 +243,24 @@ if (err == "cspBlocked") { // Remove the "Try again" button for CSP violations, since it's // almost certainly useless. (Bug 553180) document.getElementById("netErrorButtonContainer").style.display = "none"; } window.addEventListener("AboutNetErrorOptions", function(evt) { // Pinning errors are of type nssFailure2 - if (getErrorCode() == "nssFailure2" || getErrorCode() == "weakCryptoUsed") { + if (getErrorCode() == "nssFailure2") { document.getElementById("learnMoreContainer").style.display = "block"; let learnMoreLink = document.getElementById("learnMoreLink"); // nssFailure2 also gets us other non-overrideable errors. Choose // a "learn more" link based on description: if (getDescription().includes("mozilla_pkix_error_key_pinning_failure")) { learnMoreLink.href = "https://support.mozilla.org/kb/certificate-pinning-reports"; } - if (getErrorCode() == "weakCryptoUsed") { - learnMoreLink.href = "https://support.mozilla.org/kb/how-resolve-weak-crypto-error-messages-firefox"; - } var options = JSON.parse(evt.detail); if (options && options.enabled) { var checkbox = document.getElementById("automaticallyReportInFuture"); showCertificateErrorReporting(); if (options.automatic) { // set the checkbox checkbox.checked = true; @@ -300,18 +280,18 @@ "SSL_ERROR_NO_CYPHER_OVERLAP", "SSL_ERROR_NO_CIPHERS_SUPPORTED" ].some((substring) => getDescription().includes(substring)); // If it looks like an error that is user config based if (getErrorCode() == "nssFailure2" && hasPrefStyleError && options && options.changedCertPrefs) { showPrefChangeContainer(); } } - if (getErrorCode() == "weakCryptoUsed" || getErrorCode() == "sslv3Used") { - setupAdvancedButton(getErrorCode() == "weakCryptoUsed"); + if (getErrorCode() == "sslv3Used") { + setupAdvancedButton(); } }, true, true); var event = new CustomEvent("AboutNetErrorLoad", {bubbles:true}); document.dispatchEvent(event); if (err == "inadequateSecurityError") { // Remove the "Try again" button for HTTP/2 inadequate security as it @@ -332,17 +312,17 @@ document.title = document.getElementById("captivePortalPageTitle").textContent; document.getElementById("openPortalLoginPageButton") .addEventListener("click", () => { let event = new CustomEvent("AboutNetErrorOpenCaptivePortal", {bubbles:true}); document.dispatchEvent(event); }); - setupAdvancedButton(true); + setupAdvancedButton(); addDomainErrorLinks(); // When the portal is freed, an event is generated by the frame script // that we can pick up and attempt to reload the original page. window.addEventListener("AboutNetErrorCaptivePortalFreed", () => { document.location.reload(); }); @@ -350,17 +330,17 @@ function initPageCertError() { document.body.className = "certerror"; document.title = document.getElementById("certErrorPageTitle").textContent; for (let host of document.querySelectorAll(".hostname")) { host.textContent = document.location.hostname; } - setupAdvancedButton(true); + setupAdvancedButton(); document.getElementById("learnMoreContainer").style.display = "block"; let checkbox = document.getElementById("automaticallyReportInFuture"); checkbox.addEventListener("change", function({target: {checked}}) { document.dispatchEvent(new CustomEvent("AboutNetErrorSetAutomatic", { detail: checked, bubbles: true @@ -484,18 +464,17 @@ * The certificate is only valid for garage.maemo.org */ if (thisHost.endsWith("." + okHost)) link.href = proto + okHost; // If we set a link, meaning there's something helpful for // the user here, expand the section by default if (link.href && getCSSClass() != "expertBadCert") { - var panelId = gIsCertError ? "badCertAdvancedPanel" : "weakCryptoAdvancedPanel" - toggleDisplay(document.getElementById(panelId)); + toggleDisplay(document.getElementById("badCertAdvancedPanel")); if (gIsCertError) { // Toggling the advanced panel must ensure that the debugging // information panel is hidden as well, since it's opened by the // error code link in the advanced panel. var div = document.getElementById("certificateErrorDebugInformation"); div.style.display = "none"; } } @@ -540,17 +519,16 @@ <h1 id="et_contentEncodingError">&contentEncodingError.title;</h1> <h1 id="et_unsafeContentType">&unsafeContentType.title;</h1> <h1 id="et_nssFailure2">&nssFailure2.title;</h1> <h1 id="et_nssBadCert">&certerror.longpagetitle1;</h1> <h1 id="et_cspBlocked">&cspBlocked.title;</h1> <h1 id="et_remoteXUL">&remoteXUL.title;</h1> <h1 id="et_corruptedContentErrorv2">&corruptedContentErrorv2.title;</h1> <h1 id="et_sslv3Used">&sslv3Used.title;</h1> - <h1 id="et_weakCryptoUsed">&weakCryptoUsed.title;</h1> <h1 id="et_inadequateSecurityError">&inadequateSecurityError.title;</h1> </div> <div id="errorDescriptionsContainer"> <div id="ed_generic">&generic.longDesc;</div> <div id="ed_captivePortal">&captivePortal.longDesc2;</div> <div id="ed_dnsNotFound">&dnsNotFound.longDesc;</div> <div id="ed_fileNotFound">&fileNotFound.longDesc;</div> <div id="ed_fileAccessDenied">&fileAccessDenied.longDesc;</div> @@ -570,17 +548,16 @@ <div id="ed_contentEncodingError">&contentEncodingError.longDesc;</div> <div id="ed_unsafeContentType">&unsafeContentType.longDesc;</div> <div id="ed_nssFailure2">&nssFailure2.longDesc2;</div> <div id="ed_nssBadCert">&certerror.introPara;</div> <div id="ed_cspBlocked">&cspBlocked.longDesc;</div> <div id="ed_remoteXUL">&remoteXUL.longDesc;</div> <div id="ed_corruptedContentErrorv2">&corruptedContentErrorv2.longDesc;</div> <div id="ed_sslv3Used">&sslv3Used.longDesc2;</div> - <div id="ed_weakCryptoUsed">&weakCryptoUsed.longDesc2;</div> <div id="ed_inadequateSecurityError">&inadequateSecurityError.longDesc;</div> </div> </div> <!-- PAGE CONTAINER (for styling purposes only) --> <div id="errorPageContainer" class="container"> <!-- Error Title --> @@ -649,26 +626,16 @@ <div id="certificateErrorReporting"> <p class="toggle-container-with-text"> <input type="checkbox" id="automaticallyReportInFuture" /> <label for="automaticallyReportInFuture" id="automaticallyReportInFuture">&errorReporting.automatic2;</label> </p> </div> <div id="advancedPanelContainer"> - <div id="weakCryptoAdvancedPanel" class="advanced-panel"> - <div id="weakCryptoAdvancedDescription"> - <p>&weakCryptoAdvanced.longDesc;</p> - </div> - <div id="advancedLongDesc" /> - <div id="overrideWeakCryptoPanel"> - <a id="overrideWeakCrypto" href="#">&weakCryptoAdvanced.override;</a> - </div> - </div> - <div id="badCertAdvancedPanel" class="advanced-panel"> <p id="badCertTechnicalInfo"/> <button id="exceptionDialogButton">&securityOverride.exceptionButtonLabel;</button> </div> </div> </div>
--- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -2841,33 +2841,31 @@ var BrowserOnClick = { mm.addMessageListener("Browser:CertExceptionError", this); mm.addMessageListener("Browser:OpenCaptivePortalPage", this); mm.addMessageListener("Browser:SiteBlockedError", this); mm.addMessageListener("Browser:EnableOnlineMode", this); mm.addMessageListener("Browser:SendSSLErrorReport", this); mm.addMessageListener("Browser:SetSSLErrorReportAuto", this); mm.addMessageListener("Browser:ResetSSLPreferences", this); mm.addMessageListener("Browser:SSLErrorReportTelemetry", this); - mm.addMessageListener("Browser:OverrideWeakCrypto", this); mm.addMessageListener("Browser:SSLErrorGoBack", this); Services.obs.addObserver(this, "captive-portal-login-abort", false); Services.obs.addObserver(this, "captive-portal-login-success", false); }, uninit() { let mm = window.messageManager; mm.removeMessageListener("Browser:CertExceptionError", this); mm.removeMessageListener("Browser:SiteBlockedError", this); mm.removeMessageListener("Browser:EnableOnlineMode", this); mm.removeMessageListener("Browser:SendSSLErrorReport", this); mm.removeMessageListener("Browser:SetSSLErrorReportAuto", this); mm.removeMessageListener("Browser:ResetSSLPreferences", this); mm.removeMessageListener("Browser:SSLErrorReportTelemetry", this); - mm.removeMessageListener("Browser:OverrideWeakCrypto", this); mm.removeMessageListener("Browser:SSLErrorGoBack", this); Services.obs.removeObserver(this, "captive-portal-login-abort"); Services.obs.removeObserver(this, "captive-portal-login-success"); }, observe(aSubject, aTopic, aData) { switch (aTopic) { @@ -2938,23 +2936,16 @@ var BrowserOnClick = { } Services.telemetry.getHistogramById("TLS_ERROR_REPORT_UI").add(bin); break; case "Browser:SSLErrorReportTelemetry": let reportStatus = msg.data.reportStatus; Services.telemetry.getHistogramById("TLS_ERROR_REPORT_UI") .add(reportStatus); break; - case "Browser:OverrideWeakCrypto": - let weakCryptoOverride = Cc["@mozilla.org/security/weakcryptooverride;1"] - .getService(Ci.nsIWeakCryptoOverride); - weakCryptoOverride.addWeakCryptoOverride( - msg.data.uri.host, - PrivateBrowsingUtils.isBrowserPrivate(gBrowser.selectedBrowser)); - break; case "Browser:SSLErrorGoBack": goBackFromErrorPage(); break; } }, onSSLErrorReport(browser, uri, securityInfo) { if (!Services.prefs.getBoolPref("security.ssl.errorReporting.enabled")) { @@ -6937,17 +6928,16 @@ var gIdentityHandler = { // Then, update the user interface with the available data. this.refreshIdentityBlock(); // Handle a location change while the Control Center is focused // by closing the popup (bug 1207542) if (shouldHidePopup) { this._identityPopup.hidePopup(); } - this.showWeakCryptoInfoBar(); // NOTE: We do NOT update the identity popup (the control center) when // we receive a new security state on the existing page (i.e. from a // subframe). If the user opened the popup and looks at the provided // information we don't want to suddenly change the panel contents. }, /** @@ -7127,65 +7117,16 @@ var gIdentityHandler = { // Set cropping and direction this._identityIconLabel.crop = icon_country_label ? "end" : "center"; this._identityIconLabel.parentNode.style.direction = icon_labels_dir; // Hide completely if the organization label is empty this._identityIconLabel.parentNode.collapsed = icon_label ? false : true; }, /** - * Show the weak crypto notification bar. - */ - showWeakCryptoInfoBar() { - if (!this._uriHasHost || !this._isBroken || !this._sslStatus.cipherName || - this._sslStatus.cipherName.indexOf("_RC4_") < 0) { - return; - } - - let notificationBox = gBrowser.getNotificationBox(); - let notification = notificationBox.getNotificationWithValue("weak-crypto"); - if (notification) { - return; - } - - let brandBundle = document.getElementById("bundle_brand"); - let brandShortName = brandBundle.getString("brandShortName"); - let message = gNavigatorBundle.getFormattedString("weakCryptoOverriding.message", - [brandShortName]); - - let host = this._uri.host; - let port = 443; - try { - if (this._uri.port > 0) { - port = this._uri.port; - } - } catch (e) {} - - let buttons = [{ - label: gNavigatorBundle.getString("revokeOverride.label"), - accessKey: gNavigatorBundle.getString("revokeOverride.accesskey"), - callback(aNotification, aButton) { - try { - let weakCryptoOverride = Cc["@mozilla.org/security/weakcryptooverride;1"] - .getService(Ci.nsIWeakCryptoOverride); - weakCryptoOverride.removeWeakCryptoOverride(host, port, - PrivateBrowsingUtils.isBrowserPrivate(gBrowser.selectedBrowser)); - BrowserReloadWithFlags(nsIWebNavigation.LOAD_FLAGS_BYPASS_CACHE); - } catch (e) { - Cu.reportError(e); - } - } - }]; - - const priority = notificationBox.PRIORITY_WARNING_MEDIUM; - notificationBox.appendNotification(message, "weak-crypto", null, - priority, buttons); - }, - - /** * Set up the title and content messages for the identity message popup, * based on the specified mode, and the details of the SSL cert, where * applicable */ refreshIdentityPopup() { // Update "Learn More" for Mixed Content Blocking and Insecure Login Forms. let baseURL = Services.urlFormatter.formatURLPref("app.support.baseURL"); this._identityPopupMixedContentLearnMore
--- a/browser/base/content/content.js +++ b/browser/base/content/content.js @@ -262,17 +262,16 @@ function getSerializedSecurityInfo(docSh var AboutNetAndCertErrorListener = { init(chromeGlobal) { addMessageListener("CertErrorDetails", this); addMessageListener("Browser:CaptivePortalFreed", this); chromeGlobal.addEventListener("AboutNetErrorLoad", this, false, true); chromeGlobal.addEventListener("AboutNetErrorOpenCaptivePortal", this, false, true); chromeGlobal.addEventListener("AboutNetErrorSetAutomatic", this, false, true); - chromeGlobal.addEventListener("AboutNetErrorOverride", this, false, true); chromeGlobal.addEventListener("AboutNetErrorResetPreferences", this, false, true); }, get isAboutNetError() { return content.document.documentURI.startsWith("about:neterror"); }, get isAboutCertError() { @@ -385,19 +384,16 @@ var AboutNetAndCertErrorListener = { this.onPageLoad(aEvent); break; case "AboutNetErrorOpenCaptivePortal": this.openCaptivePortalPage(aEvent); break; case "AboutNetErrorSetAutomatic": this.onSetAutomatic(aEvent); break; - case "AboutNetErrorOverride": - this.onOverride(aEvent); - break; case "AboutNetErrorResetPreferences": this.onResetPreferences(aEvent); break; } }, changedCertPrefs() { for (let prefName of PREF_SSL_IMPACT) { @@ -448,21 +444,16 @@ var AboutNetAndCertErrorListener = { let {host, port} = content.document.mozDocumentURIIfNotForErrorPages; sendAsyncMessage("Browser:SendSSLErrorReport", { uri: { host, port }, securityInfo: getSerializedSecurityInfo(docShell), }); } }, - - onOverride(evt) { - let {host, port} = content.document.mozDocumentURIIfNotForErrorPages; - sendAsyncMessage("Browser:OverrideWeakCrypto", { uri: {host, port} }); - } } AboutNetAndCertErrorListener.init(this); var ClickEventHandler = { init: function init() { Cc["@mozilla.org/eventlistenerservice;1"]
--- a/browser/base/content/test/general/browser_misused_characters_in_strings.js +++ b/browser/base/content/test/general/browser_misused_characters_in_strings.js @@ -13,24 +13,16 @@ let gWhitelist = [{ key: "searchForSomethingWith", type: "single-quote" }, { file: "netError.dtd", key: "certerror.introPara", type: "single-quote" }, { file: "netError.dtd", - key: "weakCryptoAdvanced.longDesc", - type: "single-quote" - }, { - file: "netError.dtd", - key: "weakCryptoAdvanced.override", - type: "single-quote" - }, { - file: "netError.dtd", key: "inadequateSecurityError.longDesc", type: "single-quote" }, { file: "netError.dtd", key: "certerror.wrongSystemTime2", type: "single-quote" }, { file: "netError.dtd",
--- a/browser/locales/en-US/chrome/browser/browser.properties +++ b/browser/locales/en-US/chrome/browser/browser.properties @@ -813,21 +813,16 @@ userContextOpenLink.label = Open Link in muteTab.label = Mute Tab muteTab.accesskey = M unmuteTab.label = Unmute Tab unmuteTab.accesskey = m playTab.label = Play Tab playTab.accesskey = l -# LOCALIZATION NOTE (weakCryptoOverriding.message): %S is brandShortName -weakCryptoOverriding.message = %S recommends that you don’t enter your password, credit card and other personal information on this website. -revokeOverride.label = Don’t Trust This Website -revokeOverride.accesskey = D - # LOCALIZATION NOTE (certErrorDetails*.label): These are text strings that # appear in the about:certerror page, so that the user can copy and send them to # the server administrators for troubleshooting. certErrorDetailsHSTS.label = HTTP Strict Transport Security: %S certErrorDetailsKeyPinning.label = HTTP Public Key Pinning: %S certErrorDetailsCertChain.label = Certificate chain: # LOCALIZATION NOTE (pendingCrashReports2.label): Semi-colon list of plural forms
--- a/browser/locales/en-US/chrome/overrides/appstrings.properties +++ b/browser/locales/en-US/chrome/overrides/appstrings.properties @@ -33,11 +33,9 @@ externalProtocolLaunchBtn=Launch applica malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences. unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences. deceptiveBlocked=This web page at %S has been reported as a deceptive site and has been blocked based on your security preferences. cspBlocked=This page has a content security policy that prevents it from being loaded in this way. corruptedContentErrorv2=The site at %S has experienced a network protocol violation that cannot be repaired. remoteXUL=This page uses an unsupported technology that is no longer available by default in Firefox. ## LOCALIZATION NOTE (sslv3Used) - Do not translate "%S". sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol. -## LOCALIZATION NOTE (weakCryptoUsed) - Do not translate "%S". -weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. inadequateSecurityError=The website tried to negotiate an inadequate level of security.
--- a/browser/locales/en-US/chrome/overrides/netError.dtd +++ b/browser/locales/en-US/chrome/overrides/netError.dtd @@ -184,24 +184,16 @@ was trying to connect. --> <!ENTITY remoteXUL.title "Remote XUL"> <!ENTITY remoteXUL.longDesc "<p><ul><li>Please contact the website owners to inform them of this problem.</li></ul></p>"> <!ENTITY sslv3Used.title "Unable to Connect Securely"> <!-- LOCALIZATION NOTE (sslv3Used.longDesc2) - Do not translate "SSL_ERROR_UNSUPPORTED_VERSION". --> <!ENTITY sslv3Used.longDesc2 "Advanced info: SSL_ERROR_UNSUPPORTED_VERSION"> -<!ENTITY weakCryptoUsed.title "Your connection is not secure"> -<!-- LOCALIZATION NOTE (weakCryptoUsed.longDesc2) - Do not translate - "SSL_ERROR_NO_CYPHER_OVERLAP". --> -<!ENTITY weakCryptoUsed.longDesc2 "Advanced info: SSL_ERROR_NO_CYPHER_OVERLAP"> -<!ENTITY weakCryptoAdvanced.title "Advanced"> -<!ENTITY weakCryptoAdvanced.longDesc "<span class='hostname'></span> uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe."> -<!ENTITY weakCryptoAdvanced.override "(Not secure) Try loading <span class='hostname'></span> using outdated security"> - <!-- LOCALIZATION NOTE (certerror.wrongSystemTime2, certerror.wrongSystemTimeWithoutReference) - The <span id='..' /> tags will be injected with actual values, please leave them unchanged. --> <!ENTITY certerror.wrongSystemTime2 "<p> &brandShortName; did not connect to <span id='wrongSystemTime_URL'/> because your computer’s clock appears to show the wrong time and this is preventing a secure connection.</p> <p>Your computer is set to <span id='wrongSystemTime_systemDate'/>, when it should be <span id='wrongSystemTime_actualDate'/>. To fix this problem, change your date and time settings to match the correct time.</p>"> <!ENTITY certerror.wrongSystemTimeWithoutReference "<p>&brandShortName; did not connect to <span id='wrongSystemTimeWithoutReference_URL'/> because your computer’s clock appears to show the wrong time and this is preventing a secure connection.</p> <p>Your computer is set to <span id='wrongSystemTimeWithoutReference_systemDate'/>. To fix this problem, change your date and time settings to match the correct time.</p>"> <!ENTITY certerror.pagetitle1 "Insecure Connection"> <!ENTITY certerror.whatShouldIDo.badStsCertExplanation "This site uses HTTP