Backed out 2 changesets (bug 1558915) for causing bustages. CLOSED TREE
authorMihai Alexandru Michis <malexandru@mozilla.com>
Fri, 02 Aug 2019 12:17:42 +0300
changeset 546398 418858fa823396ccc16c9cefb1b482228d7da747
parent 546397 e44c9fd81e5b0455f608127e09e98a51a5a49253
child 546399 6d27ca6d890f0195e7b01271243416d07824b182
push id11848
push userffxbld-merge
push dateMon, 26 Aug 2019 19:26:25 +0000
treeherdermozilla-beta@9b31bfdfac10 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1558915
milestone70.0a1
backs oute44c9fd81e5b0455f608127e09e98a51a5a49253
3da6e9e86be4a4a9eeaceec222398475b6679193
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 2 changesets (bug 1558915) for causing bustages. CLOSED TREE Backed out changeset e44c9fd81e5b (bug 1558915) Backed out changeset 3da6e9e86be4 (bug 1558915)
dom/canvas/CanvasUtils.cpp
dom/file/uri/FontTableURIProtocolHandler.h
dom/geolocation/nsGeolocation.cpp
dom/html/HTMLFormElement.cpp
dom/html/HTMLFormSubmission.cpp
dom/html/nsHTMLDNSPrefetch.cpp
dom/html/nsHTMLDocument.cpp
dom/indexedDB/IDBFactory.cpp
dom/ipc/ContentParent.cpp
dom/media/MediaManager.cpp
dom/notification/Notification.cpp
dom/performance/PerformanceTiming.cpp
dom/plugins/base/nsNPAPIPlugin.cpp
dom/script/ScriptLoadRequest.cpp
dom/script/ScriptLoader.cpp
dom/serviceworkers/ServiceWorkerUtils.cpp
dom/storage/StorageUtils.cpp
dom/url/URL.cpp
dom/webauthn/WebAuthnUtil.cpp
dom/websocket/WebSocket.cpp
dom/workers/ScriptLoader.cpp
dom/xbl/nsXBLContentSink.cpp
dom/xbl/nsXBLService.cpp
dom/xhr/XMLHttpRequestMainThread.cpp
dom/xml/XMLDocument.cpp
dom/xslt/xslt/txMozillaStylesheetCompiler.cpp
dom/xul/nsXULElement.cpp
toolkit/components/antitracking/AntiTrackingCommon.cpp
toolkit/components/antitracking/StorageAccess.cpp
toolkit/components/places/nsNavBookmarks.cpp
toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp
toolkit/components/windowwatcher/nsWindowWatcher.cpp
toolkit/mozapps/extensions/AddonContentPolicy.cpp
toolkit/mozapps/extensions/AddonManagerWebAPI.cpp
toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp
toolkit/xre/nsAppRunner.cpp
--- a/dom/canvas/CanvasUtils.cpp
+++ b/dom/canvas/CanvasUtils.cpp
@@ -71,17 +71,18 @@ bool IsImageExtractionAllowed(Document* 
   }
 
   // Get the document URI and its spec.
   nsIURI* docURI = aDocument->GetDocumentURI();
   nsCString docURISpec;
   docURI->GetSpec(docURISpec);
 
   // Allow local files to extract canvas data.
-  if (docURI->SchemeIs("file")) {
+  bool isFileURL;
+  if (NS_SUCCEEDED(docURI->SchemeIs("file", &isFileURL)) && isFileURL) {
     return true;
   }
 
   // Don't show canvas prompt for PDF.js
   JS::AutoFilename scriptFile;
   if (JS::DescribeScriptedCaller(aCx, &scriptFile) && scriptFile.get() &&
       strcmp(scriptFile.get(), "resource://pdf.js/build/pdf.js") == 0) {
     return true;
--- a/dom/file/uri/FontTableURIProtocolHandler.h
+++ b/dom/file/uri/FontTableURIProtocolHandler.h
@@ -29,15 +29,16 @@ class FontTableURIProtocolHandler final
 
   static nsresult GenerateURIString(nsACString& aUri);
 
  protected:
   virtual ~FontTableURIProtocolHandler();
 };
 
 inline bool IsFontTableURI(nsIURI* aUri) {
-  return aUri->SchemeIs(FONTTABLEURI_SCHEME);
+  bool isFont;
+  return NS_SUCCEEDED(aUri->SchemeIs(FONTTABLEURI_SCHEME, &isFont)) && isFont;
 }
 
 }  // namespace dom
 }  // namespace mozilla
 
 #endif /* FontTableURIProtocolHandler_h */
--- a/dom/geolocation/nsGeolocation.cpp
+++ b/dom/geolocation/nsGeolocation.cpp
@@ -831,20 +831,28 @@ nsresult Geolocation::Init(nsPIDOMWindow
 
     mPrincipal = doc->NodePrincipal();
 
     nsCOMPtr<nsIURI> uri;
     nsresult rv = mPrincipal->GetURI(getter_AddRefs(uri));
     NS_ENSURE_SUCCESS(rv, rv);
 
     if (uri) {
+      bool isHttp;
+      rv = uri->SchemeIs("http", &isHttp);
+      NS_ENSURE_SUCCESS(rv, rv);
+
+      bool isHttps;
+      rv = uri->SchemeIs("https", &isHttps);
+      NS_ENSURE_SUCCESS(rv, rv);
+
       // Store the protocol to send via telemetry later.
-      if (uri->SchemeIs("http")) {
+      if (isHttp) {
         mProtocolType = ProtocolType::HTTP;
-      } else if (uri->SchemeIs("https")) {
+      } else if (isHttps) {
         mProtocolType = ProtocolType::HTTPS;
       }
     }
   }
 
   // If no aContentDom was passed into us, we are being used
   // by chrome/c++ and have no mOwner, no mPrincipal, and no need
   // to prompt.
--- a/dom/html/HTMLFormElement.cpp
+++ b/dom/html/HTMLFormElement.cpp
@@ -646,18 +646,19 @@ nsresult HTMLFormElement::SubmitSubmissi
   // Note that any other URI types that are of equivalent type should also be
   // added here.
   // XXXbz this is a mess.  The real issue here is that nsJSChannel sets the
   // LOAD_BACKGROUND flag, so doesn't notify us, compounded by the fact that
   // the JS executes before we forget the submission in OnStateChange on
   // STATE_STOP.  As a result, we have to make sure that we simply pretend
   // we're not submitting when submitting to a JS URL.  That's kinda bogus, but
   // there we are.
-  bool schemeIsJavaScript = actionURI->SchemeIs("javascript");
-  if (schemeIsJavaScript) {
+  bool schemeIsJavaScript = false;
+  if (NS_SUCCEEDED(actionURI->SchemeIs("javascript", &schemeIsJavaScript)) &&
+      schemeIsJavaScript) {
     mIsSubmitting = false;
   }
 
   //
   // Notify observers of submit
   //
   bool cancelSubmit = false;
   if (mNotifiedObservers) {
@@ -752,17 +753,22 @@ nsresult HTMLFormElement::DoSecureToInse
   nsCOMPtr<nsIURI> principalURI;
   nsresult rv = principal->GetURI(getter_AddRefs(principalURI));
   if (NS_FAILED(rv)) {
     return rv;
   }
   if (!principalURI) {
     principalURI = OwnerDoc()->GetDocumentURI();
   }
-  bool formIsHTTPS = principalURI->SchemeIs("https");
+  bool formIsHTTPS;
+  rv = principalURI->SchemeIs("https", &formIsHTTPS);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
   if (!formIsHTTPS) {
     return NS_OK;
   }
 
   if (nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(aActionURL)) {
     return NS_OK;
   }
 
@@ -1497,17 +1503,19 @@ nsresult HTMLFormElement::GetActionURL(n
       nsContentUtils::GetSecurityManager();
   rv = securityManager->CheckLoadURIWithPrincipal(
       NodePrincipal(), actionURL, nsIScriptSecurityManager::STANDARD);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Potentially the page uses the CSP directive 'upgrade-insecure-requests'. In
   // such a case we have to upgrade the action url from http:// to https://.
   // If the actionURL is not http, then there is nothing to do.
-  bool isHttpScheme = actionURL->SchemeIs("http");
+  bool isHttpScheme = false;
+  rv = actionURL->SchemeIs("http", &isHttpScheme);
+  NS_ENSURE_SUCCESS(rv, rv);
   if (isHttpScheme && document->GetUpgradeInsecureRequests(false)) {
     // let's use the old specification before the upgrade for logging
     AutoTArray<nsString, 2> params;
     nsAutoCString spec;
     rv = actionURL->GetSpec(spec);
     NS_ENSURE_SUCCESS(rv, rv);
     CopyUTF8toUTF16(spec, *params.AppendElement());
 
--- a/dom/html/HTMLFormSubmission.cpp
+++ b/dom/html/HTMLFormSubmission.cpp
@@ -240,17 +240,19 @@ nsresult FSURLEncoded::GetEncodedSubmiss
                                             nsIInputStream** aPostDataStream,
                                             nsCOMPtr<nsIURI>& aOutURI) {
   nsresult rv = NS_OK;
   aOutURI = aURI;
 
   *aPostDataStream = nullptr;
 
   if (mMethod == NS_FORM_METHOD_POST) {
-    if (aURI->SchemeIs("mailto")) {
+    bool isMailto = false;
+    aURI->SchemeIs("mailto", &isMailto);
+    if (isMailto) {
       nsAutoCString path;
       rv = aURI->GetPathQueryRef(path);
       NS_ENSURE_SUCCESS(rv, rv);
 
       HandleMailtoSubject(path);
 
       // Append the body to and force-plain-text args to the mailto line
       nsAutoCString escapedBody;
@@ -276,17 +278,20 @@ nsresult FSURLEncoded::GetEncodedSubmiss
                             "application/x-www-form-urlencoded");
       mimeStream->SetData(dataStream);
 
       mimeStream.forget(aPostDataStream);
     }
 
   } else {
     // Get the full query string
-    if (aURI->SchemeIs("javascript")) {
+    bool schemeIsJavaScript;
+    rv = aURI->SchemeIs("javascript", &schemeIsJavaScript);
+    NS_ENSURE_SUCCESS(rv, rv);
+    if (schemeIsJavaScript) {
       return NS_OK;
     }
 
     nsCOMPtr<nsIURL> url = do_QueryInterface(aURI);
     if (url) {
       rv = NS_MutateURI(aURI).SetQuery(mQueryString).Finalize(aOutURI);
     } else {
       nsAutoCString path;
@@ -656,17 +661,19 @@ nsresult FSTextPlain::GetEncodedSubmissi
   nsresult rv = NS_OK;
   aOutURI = aURI;
 
   *aPostDataStream = nullptr;
 
   // XXX HACK We are using the standard URL mechanism to give the body to the
   // mailer instead of passing the post data stream to it, since that sounds
   // hard.
-  if (aURI->SchemeIs("mailto")) {
+  bool isMailto = false;
+  aURI->SchemeIs("mailto", &isMailto);
+  if (isMailto) {
     nsAutoCString path;
     rv = aURI->GetPathQueryRef(path);
     NS_ENSURE_SUCCESS(rv, rv);
 
     HandleMailtoSubject(path);
 
     // Append the body to and force-plain-text args to the mailto line
     nsAutoCString escapedBody;
--- a/dom/html/nsHTMLDNSPrefetch.cpp
+++ b/dom/html/nsHTMLDNSPrefetch.cpp
@@ -351,17 +351,18 @@ void nsHTMLDNSPrefetch::nsDeferrals::Sub
 
         hostName.Truncate();
         bool isHttps = false;
         if (hrefURI) {
           hrefURI->GetAsciiHost(hostName);
           rv = NS_URIChainHasFlags(hrefURI,
                                    nsIProtocolHandler::URI_IS_LOCAL_RESOURCE,
                                    &isLocalResource);
-          isHttps = hrefURI->SchemeIs("https");
+
+          hrefURI->SchemeIs("https", &isHttps);
         }
 
         if (!hostName.IsEmpty() && NS_SUCCEEDED(rv) && !isLocalResource &&
             element) {
           if (IsNeckoChild()) {
             // during shutdown gNeckoChild might be null
             if (gNeckoChild) {
               gNeckoChild->SendHTMLDNSPrefetch(
--- a/dom/html/nsHTMLDocument.cpp
+++ b/dom/html/nsHTMLDocument.cpp
@@ -471,17 +471,18 @@ nsresult nsHTMLDocument::StartDocumentLo
 
   // TODO: Proper about:blank treatment is bug 543435
   if (loadAsHtml5 && view) {
     // mDocumentURI hasn't been set, yet, so get the URI from the channel
     nsCOMPtr<nsIURI> uri;
     aChannel->GetOriginalURI(getter_AddRefs(uri));
     // Adapted from nsDocShell:
     // GetSpec can be expensive for some URIs, so check the scheme first.
-    if (uri && uri->SchemeIs("about")) {
+    bool isAbout = false;
+    if (uri && NS_SUCCEEDED(uri->SchemeIs("about", &isAbout)) && isAbout) {
       if (uri->GetSpecOrDefault().EqualsLiteral("about:blank")) {
         loadAsHtml5 = false;
       }
     }
   }
 
   nsresult rv = Document::StartDocumentLoad(aCommand, aChannel, aLoadGroup,
                                             aContainer, aDocListener, aReset);
@@ -810,17 +811,19 @@ bool nsHTMLDocument::WillIgnoreCharsetOv
     return true;
   }
   if (!mCharacterSet->IsAsciiCompatible() &&
       mCharacterSet != ISO_2022_JP_ENCODING) {
     return true;
   }
   nsIURI* uri = GetOriginalURI();
   if (uri) {
-    if (uri->SchemeIs("about")) {
+    bool schemeIs = false;
+    uri->SchemeIs("about", &schemeIs);
+    if (schemeIs) {
       return true;
     }
     bool isResource;
     nsresult rv = NS_URIChainHasFlags(
         uri, nsIProtocolHandler::URI_IS_UI_RESOURCE, &isResource);
     if (NS_FAILED(rv) || isResource) {
       return true;
     }
--- a/dom/indexedDB/IDBFactory.cpp
+++ b/dom/indexedDB/IDBFactory.cpp
@@ -325,17 +325,20 @@ nsresult IDBFactory::AllowedForWindowInt
   }
 
   // About URIs shouldn't be able to access IndexedDB unless they have the
   // nsIAboutModule::ENABLE_INDEXED_DB flag set on them.
   nsCOMPtr<nsIURI> uri;
   MOZ_ALWAYS_SUCCEEDS(principal->GetURI(getter_AddRefs(uri)));
   MOZ_ASSERT(uri);
 
-  if (uri->SchemeIs("about")) {
+  bool isAbout = false;
+  MOZ_ALWAYS_SUCCEEDS(uri->SchemeIs("about", &isAbout));
+
+  if (isAbout) {
     nsCOMPtr<nsIAboutModule> module;
     if (NS_SUCCEEDED(NS_GetAboutModule(uri, getter_AddRefs(module)))) {
       uint32_t flags;
       if (NS_SUCCEEDED(module->GetURIFlags(uri, &flags))) {
         if (!(flags & nsIAboutModule::ENABLE_INDEXED_DB)) {
           return NS_ERROR_DOM_NOT_SUPPORTED_ERR;
         }
       } else {
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -2855,18 +2855,20 @@ mozilla::ipc::IPCResult ContentParent::R
   MOZ_ASSERT(aTypes);
   DataTransfer::GetExternalClipboardFormats(aWhichClipboard, aPlainTextOnly,
                                             aTypes);
   return IPC_OK();
 }
 
 mozilla::ipc::IPCResult ContentParent::RecvPlaySound(const URIParams& aURI) {
   nsCOMPtr<nsIURI> soundURI = DeserializeURI(aURI);
+  bool isChrome = false;
   // If the check here fails, it can only mean that this message was spoofed.
-  if (!soundURI || !soundURI->SchemeIs("chrome")) {
+  if (!soundURI || NS_FAILED(soundURI->SchemeIs("chrome", &isChrome)) ||
+      !isChrome) {
     // PlaySound only accepts a valid chrome URI.
     return IPC_FAIL_NO_REASON(this);
   }
   nsCOMPtr<nsIURL> soundURL(do_QueryInterface(soundURI));
   if (!soundURL) {
     return IPC_OK();
   }
 
--- a/dom/media/MediaManager.cpp
+++ b/dom/media/MediaManager.cpp
@@ -2343,19 +2343,28 @@ RefPtr<MediaManager::StreamPromise> Medi
     return StreamPromise::CreateAndReject(
         MakeRefPtr<MediaMgrError>(MediaMgrError::Name::AbortError), __func__);
   }
   bool isChrome = (aCallerType == CallerType::System);
   bool privileged =
       isChrome ||
       Preferences::GetBool("media.navigator.permission.disabled", false);
   bool isSecure = aWindow->IsSecureContext();
+  // Note: isHTTPS is for legacy telemetry only! Use isSecure for security, as
+  // it handles things like https iframes in http pages correctly.
+  bool isHTTPS = false;
   bool isHandlingUserInput = EventStateManager::IsHandlingUserInput();
+  docURI->SchemeIs("https", &isHTTPS);
   nsCString host;
   nsresult rv = docURI->GetHost(host);
+  // Test for some other schemes that ServiceWorker recognizes
+  bool isFile;
+  docURI->SchemeIs("file", &isFile);
+  bool isApp;
+  docURI->SchemeIs("app", &isApp);
 
   nsCOMPtr<nsIPrincipal> principal =
       nsGlobalWindowInner::Cast(aWindow)->GetPrincipal();
   if (NS_WARN_IF(!principal)) {
     return StreamPromise::CreateAndReject(
         MakeRefPtr<MediaMgrError>(MediaMgrError::Name::SecurityError),
         __func__);
   }
--- a/dom/notification/Notification.cpp
+++ b/dom/notification/Notification.cpp
@@ -472,20 +472,26 @@ NS_IMETHODIMP
 NotificationPermissionRequest::Run() {
   if (nsContentUtils::IsSystemPrincipal(mPrincipal)) {
     mPermission = NotificationPermission::Granted;
   } else {
     // File are automatically granted permission.
     nsCOMPtr<nsIURI> uri;
     mPrincipal->GetURI(getter_AddRefs(uri));
 
-    if (uri && uri->SchemeIs("file")) {
-      mPermission = NotificationPermission::Granted;
-    } else if (!StaticPrefs::dom_webnotifications_allowinsecure() &&
-               !mWindow->IsSecureContext()) {
+    bool isFile = false;
+    if (uri) {
+      uri->SchemeIs("file", &isFile);
+      if (isFile) {
+        mPermission = NotificationPermission::Granted;
+      }
+    }
+
+    if (!isFile && !StaticPrefs::dom_webnotifications_allowinsecure() &&
+        !mWindow->IsSecureContext()) {
       mPermission = NotificationPermission::Denied;
       nsCOMPtr<Document> doc = mWindow->GetExtantDoc();
       if (doc) {
         nsContentUtils::ReportToConsole(
             nsIScriptError::errorFlag, NS_LITERAL_CSTRING("DOM"), doc,
             nsContentUtils::eDOM_PROPERTIES,
             "NotificationsInsecureRequestIsForbidden");
       }
@@ -1612,18 +1618,22 @@ NotificationPermission Notification::Get
   MOZ_ASSERT(aPrincipal);
 
   if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
     return NotificationPermission::Granted;
   } else {
     // Allow files to show notifications by default.
     nsCOMPtr<nsIURI> uri;
     aPrincipal->GetURI(getter_AddRefs(uri));
-    if (uri && uri->SchemeIs("file")) {
-      return NotificationPermission::Granted;
+    if (uri) {
+      bool isFile;
+      uri->SchemeIs("file", &isFile);
+      if (isFile) {
+        return NotificationPermission::Granted;
+      }
     }
   }
 
   // We also allow notifications is they are pref'ed on.
   if (Preferences::GetBool("notification.prompt.testing", false)) {
     if (Preferences::GetBool("notification.prompt.testing.allow", true)) {
       return NotificationPermission::Granted;
     } else {
--- a/dom/performance/PerformanceTiming.cpp
+++ b/dom/performance/PerformanceTiming.cpp
@@ -125,17 +125,20 @@ PerformanceTimingData::PerformanceTiming
   } else {
     nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
     if (httpChannel) {
       httpChannel->GetURI(getter_AddRefs(uri));
     }
   }
 
   if (uri) {
-    mSecureConnection = uri->SchemeIs("https");
+    nsresult rv = uri->SchemeIs("https", &mSecureConnection);
+    if (NS_FAILED(rv)) {
+      mSecureConnection = false;
+    }
   }
 
   if (aChannel) {
     aChannel->GetAsyncOpen(&mAsyncOpen);
     aChannel->GetAllRedirectsSameOrigin(&mAllRedirectsSameOrigin);
     aChannel->GetRedirectCount(&mRedirectCount);
     aChannel->GetRedirectStart(&mRedirectStart);
     aChannel->GetRedirectEnd(&mRedirectEnd);
--- a/dom/plugins/base/nsNPAPIPlugin.cpp
+++ b/dom/plugins/base/nsNPAPIPlugin.cpp
@@ -960,17 +960,19 @@ bool _evaluate(NPP npp, NPObject* npobj,
     // document URI is a chrome:// URI, pass that in as the URI of the
     // script, else pass in null for the filename as there's no way to
     // know where this document really came from. Passing in null here
     // also means that the script gets treated by XPConnect as if it
     // needs additional protection, which is what we want for unknown
     // chrome code anyways.
 
     uri = doc->GetDocumentURI();
-    if (uri && uri->SchemeIs("chrome")) {
+    bool isChrome = false;
+
+    if (uri && NS_SUCCEEDED(uri->SchemeIs("chrome", &isChrome)) && isChrome) {
       uri->GetSpec(specStr);
       spec = specStr.get();
     } else {
       spec = nullptr;
     }
   }
 
   NPN_PLUGIN_LOG(PLUGIN_LOG_NOISY,
--- a/dom/script/ScriptLoadRequest.cpp
+++ b/dom/script/ScriptLoadRequest.cpp
@@ -193,17 +193,22 @@ void ScriptLoadRequest::SetBytecode() {
   MOZ_ASSERT(IsUnknownDataType());
   mDataType = DataType::eBytecode;
 }
 
 bool ScriptLoadRequest::ShouldAcceptBinASTEncoding() const {
 #ifdef JS_BUILD_BINAST
   // We accept the BinAST encoding if we're using a secure connection.
 
-  if (!mURI->SchemeIs("https")) {
+  bool isHTTPS = false;
+  nsresult rv = mURI->SchemeIs("https", &isHTTPS);
+  MOZ_ASSERT(NS_SUCCEEDED(rv));
+  Unused << rv;
+
+  if (!isHTTPS) {
     return false;
   }
 
   if (StaticPrefs::dom_script_loader_binast_encoding_domain_restrict()) {
     if (!nsContentUtils::IsURIInPrefList(
             mURI, "dom.script_loader.binast_encoding.domain.restrict.list")) {
       return false;
     }
--- a/dom/script/ScriptLoader.cpp
+++ b/dom/script/ScriptLoader.cpp
@@ -353,17 +353,19 @@ bool ScriptLoader::IsAboutPageLoadingChr
   }
 
   // if the triggering uri is not of scheme about:, there is nothing to do
   nsCOMPtr<nsIURI> triggeringURI;
   nsresult rv =
       aRequest->TriggeringPrincipal()->GetURI(getter_AddRefs(triggeringURI));
   NS_ENSURE_SUCCESS(rv, false);
 
-  if (!triggeringURI->SchemeIs("about")) {
+  bool isAbout =
+      (NS_SUCCEEDED(triggeringURI->SchemeIs("about", &isAbout)) && isAbout);
+  if (!isAbout) {
     return false;
   }
 
   // if the about: page is linkable from content, there is nothing to do
   nsCOMPtr<nsIAboutModule> aboutMod;
   rv = NS_GetAboutModule(triggeringURI, getter_AddRefs(aboutMod));
   NS_ENSURE_SUCCESS(rv, false);
 
@@ -371,17 +373,19 @@ bool ScriptLoader::IsAboutPageLoadingChr
   rv = aboutMod->GetURIFlags(triggeringURI, &aboutModuleFlags);
   NS_ENSURE_SUCCESS(rv, false);
 
   if (aboutModuleFlags & nsIAboutModule::MAKE_LINKABLE) {
     return false;
   }
 
   // if the uri to be loaded is not of scheme chrome:, there is nothing to do.
-  if (!aRequest->mURI->SchemeIs("chrome")) {
+  bool isChrome =
+      (NS_SUCCEEDED(aRequest->mURI->SchemeIs("chrome", &isChrome)) && isChrome);
+  if (!isChrome) {
     return false;
   }
 
   // seems like an about page wants to load a chrome URI.
   return true;
 }
 
 bool ScriptLoader::ModuleMapContainsURL(nsIURI* aURL) const {
@@ -3520,18 +3524,32 @@ uint32_t ScriptLoader::NumberOfProcessor
   if (mNumberOfProcessors > 0) return mNumberOfProcessors;
 
   int32_t numProcs = PR_GetNumberOfProcessors();
   if (numProcs > 0) mNumberOfProcessors = numProcs;
   return mNumberOfProcessors;
 }
 
 static bool IsInternalURIScheme(nsIURI* uri) {
-  return uri->SchemeIs("moz-extension") || uri->SchemeIs("resource") ||
-         uri->SchemeIs("chrome");
+  bool isWebExt;
+  if (NS_SUCCEEDED(uri->SchemeIs("moz-extension", &isWebExt)) && isWebExt) {
+    return true;
+  }
+
+  bool isResource;
+  if (NS_SUCCEEDED(uri->SchemeIs("resource", &isResource)) && isResource) {
+    return true;
+  }
+
+  bool isChrome;
+  if (NS_SUCCEEDED(uri->SchemeIs("chrome", &isChrome)) && isChrome) {
+    return true;
+  }
+
+  return false;
 }
 
 nsresult ScriptLoader::PrepareLoadedRequest(ScriptLoadRequest* aRequest,
                                             nsIIncrementalStreamLoader* aLoader,
                                             nsresult aStatus) {
   if (NS_FAILED(aStatus)) {
     return aStatus;
   }
--- a/dom/serviceworkers/ServiceWorkerUtils.cpp
+++ b/dom/serviceworkers/ServiceWorkerUtils.cpp
@@ -64,18 +64,20 @@ nsresult ServiceWorkerScopeAndScriptAreV
                                              nsIURI* aScopeURI,
                                              nsIURI* aScriptURI) {
   MOZ_DIAGNOSTIC_ASSERT(aScopeURI);
   MOZ_DIAGNOSTIC_ASSERT(aScriptURI);
 
   nsCOMPtr<nsIPrincipal> principal = aClientInfo.GetPrincipal();
   NS_ENSURE_TRUE(principal, NS_ERROR_DOM_INVALID_STATE_ERR);
 
-  bool isHttp = aScriptURI->SchemeIs("http");
-  bool isHttps = aScriptURI->SchemeIs("https");
+  bool isHttp = false;
+  bool isHttps = false;
+  Unused << aScriptURI->SchemeIs("http", &isHttp);
+  Unused << aScriptURI->SchemeIs("https", &isHttps);
   NS_ENSURE_TRUE(isHttp || isHttps, NS_ERROR_DOM_SECURITY_ERR);
 
   nsresult rv = CheckForSlashEscapedCharsInPath(aScopeURI);
   NS_ENSURE_SUCCESS(rv, rv);
 
   rv = CheckForSlashEscapedCharsInPath(aScriptURI);
   NS_ENSURE_SUCCESS(rv, rv);
 
--- a/dom/storage/StorageUtils.cpp
+++ b/dom/storage/StorageUtils.cpp
@@ -27,17 +27,18 @@ nsresult GenerateOriginKey(nsIPrincipal*
   }
 
   nsAutoCString domainOrigin;
   rv = uri->GetAsciiHost(domainOrigin);
   NS_ENSURE_SUCCESS(rv, rv);
 
   if (domainOrigin.IsEmpty()) {
     // For the file:/// protocol use the exact directory as domain.
-    if (uri->SchemeIs("file")) {
+    bool isScheme = false;
+    if (NS_SUCCEEDED(uri->SchemeIs("file", &isScheme)) && isScheme) {
       nsCOMPtr<nsIURL> url = do_QueryInterface(uri, &rv);
       NS_ENSURE_SUCCESS(rv, rv);
       rv = url->GetDirectory(domainOrigin);
       NS_ENSURE_SUCCESS(rv, rv);
     }
   }
 
   // Append reversed domain
--- a/dom/url/URL.cpp
+++ b/dom/url/URL.cpp
@@ -110,17 +110,21 @@ bool URL::IsValidURL(const GlobalObject&
   return URLWorker::IsValidURL(aGlobal, aURL, aRv);
 }
 
 URLSearchParams* URL::SearchParams() {
   CreateSearchParamsIfNeeded();
   return mSearchParams;
 }
 
-bool IsChromeURI(nsIURI* aURI) { return aURI->SchemeIs("chrome"); }
+bool IsChromeURI(nsIURI* aURI) {
+  bool isChrome = false;
+  if (NS_SUCCEEDED(aURI->SchemeIs("chrome", &isChrome))) return isChrome;
+  return false;
+}
 
 void URL::CreateSearchParamsIfNeeded() {
   if (!mSearchParams) {
     mSearchParams = new URLSearchParams(mParent, this);
     UpdateURLSearchParams();
   }
 }
 
--- a/dom/webauthn/WebAuthnUtil.cpp
+++ b/dom/webauthn/WebAuthnUtil.cpp
@@ -27,17 +27,18 @@ bool EvaluateAppID(nsPIDOMWindowInner* a
   // Facet is the specification's way of referring to the web origin.
   nsAutoCString facetString = NS_ConvertUTF16toUTF8(aOrigin);
   nsCOMPtr<nsIURI> facetUri;
   if (NS_FAILED(NS_NewURI(getter_AddRefs(facetUri), facetString))) {
     return false;
   }
 
   // If the facetId (origin) is not HTTPS, reject
-  if (!facetUri->SchemeIs("https")) {
+  bool facetIsHttps = false;
+  if (NS_FAILED(facetUri->SchemeIs("https", &facetIsHttps)) || !facetIsHttps) {
     return false;
   }
 
   // If the appId is empty or null, overwrite it with the facetId and accept
   if (aAppId.IsEmpty() || aAppId.EqualsLiteral("null")) {
     aAppId.Assign(aOrigin);
     return true;
   }
@@ -45,17 +46,18 @@ bool EvaluateAppID(nsPIDOMWindowInner* a
   // AppID is user-supplied. It's quite possible for this parse to fail.
   nsAutoCString appIdString = NS_ConvertUTF16toUTF8(aAppId);
   nsCOMPtr<nsIURI> appIdUri;
   if (NS_FAILED(NS_NewURI(getter_AddRefs(appIdUri), appIdString))) {
     return false;
   }
 
   // if the appId URL is not HTTPS, reject.
-  if (!appIdUri->SchemeIs("https")) {
+  bool appIdIsHttps = false;
+  if (NS_FAILED(appIdUri->SchemeIs("https", &appIdIsHttps)) || !appIdIsHttps) {
     return false;
   }
 
   nsAutoCString appIdHost;
   if (NS_FAILED(appIdUri->GetAsciiHost(appIdHost))) {
     return false;
   }
 
--- a/dom/websocket/WebSocket.cpp
+++ b/dom/websocket/WebSocket.cpp
@@ -1642,18 +1642,24 @@ nsresult WebSocketImpl::Init(JSContext* 
   if (!mIsServerSide && !mSecure &&
       !Preferences::GetBool("network.websocket.allowInsecureFromHTTPS",
                             false)) {
     nsCOMPtr<nsIURI> originURI;
     if (aLoadingPrincipal) {
       aLoadingPrincipal->GetURI(getter_AddRefs(originURI));
     }
 
-    if (originURI && originURI->SchemeIs("https")) {
-      return NS_ERROR_DOM_SECURITY_ERR;
+    if (originURI) {
+      bool originIsHttps = false;
+      rv = originURI->SchemeIs("https", &originIsHttps);
+      NS_ENSURE_SUCCESS(rv, rv);
+
+      if (originIsHttps) {
+        return NS_ERROR_DOM_SECURITY_ERR;
+      }
     }
   }
 
   // Assign the sub protocol list and scan it for illegal values
   for (uint32_t index = 0; index < aProtocolArray.Length(); ++index) {
     for (uint32_t i = 0; i < aProtocolArray[index].Length(); ++i) {
       if (aProtocolArray[index][i] < static_cast<char16_t>(0x0021) ||
           aProtocolArray[index][i] > static_cast<char16_t>(0x007E)) {
--- a/dom/workers/ScriptLoader.cpp
+++ b/dom/workers/ScriptLoader.cpp
@@ -153,17 +153,20 @@ nsresult ChannelFromScriptURL(
   uint32_t secFlags = aIsMainScript
                           ? nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
                           : nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
 
   bool inheritAttrs = nsContentUtils::ChannelShouldInheritPrincipal(
       principal, uri, true /* aInheritForAboutBlank */,
       false /* aForceInherit */);
 
-  bool isData = uri->SchemeIs("data");
+  bool isData = false;
+  rv = uri->SchemeIs("data", &isData);
+  NS_ENSURE_SUCCESS(rv, rv);
+
   bool isURIUniqueOrigin =
       net::nsIOService::IsDataURIUniqueOpaqueOrigin() && isData;
   if (inheritAttrs && !isURIUniqueOrigin) {
     secFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
   }
 
   if (aWorkerScriptType == DebuggerScript) {
     // A DebuggerScript needs to be a local resource like chrome: or resource:
--- a/dom/xbl/nsXBLContentSink.cpp
+++ b/dom/xbl/nsXBLContentSink.cpp
@@ -340,17 +340,22 @@ bool nsXBLContentSink::OnOpenContainer(c
       mState = eXBL_Error;
       return true;
     }
 
     mDocument->BindingManager()->PutXBLDocumentInfo(mDocInfo);
 
     nsIURI* uri = mDocument->GetDocumentURI();
 
-    mIsChromeOrResource = uri->SchemeIs("chrome") || uri->SchemeIs("resource");
+    bool isChrome = false;
+    bool isRes = false;
+
+    uri->SchemeIs("chrome", &isChrome);
+    uri->SchemeIs("resource", &isRes);
+    mIsChromeOrResource = isChrome || isRes;
 
     mState = eXBL_InBindings;
   } else if (aTagName == nsGkAtoms::binding) {
     ENSURE_XBL_STATE(mState == eXBL_InBindings);
     mState = eXBL_InBinding;
   } else if (aTagName == nsGkAtoms::handlers) {
     ENSURE_XBL_STATE(mState == eXBL_InBinding && mBinding);
     mState = eXBL_InHandlers;
--- a/dom/xbl/nsXBLService.cpp
+++ b/dom/xbl/nsXBLService.cpp
@@ -336,17 +336,22 @@ void nsXBLService::Init() {
 
 // Constructors/Destructors
 nsXBLService::nsXBLService(void) {}
 
 nsXBLService::~nsXBLService(void) {}
 
 // static
 bool nsXBLService::IsChromeOrResourceURI(nsIURI* aURI) {
-  return aURI->SchemeIs("chrome") || aURI->SchemeIs("resource");
+  bool isChrome = false;
+  bool isResource = false;
+  if (NS_SUCCEEDED(aURI->SchemeIs("chrome", &isChrome)) &&
+      NS_SUCCEEDED(aURI->SchemeIs("resource", &isResource)))
+    return (isChrome || isResource);
+  return false;
 }
 
 // Servo avoids wasting work styling subtrees of elements with XBL bindings by
 // default, so whenever we leave LoadBindings in a way that doesn't guarantee
 // that the subtree is styled we need to take care of doing it manually.
 static void EnsureSubtreeStyled(Element* aElement) {
   if (!aElement->HasServoData()) {
     return;
@@ -418,17 +423,18 @@ static bool IsSystemOrChromeURLPrincipal
   if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
     return true;
   }
 
   nsCOMPtr<nsIURI> uri;
   aPrincipal->GetURI(getter_AddRefs(uri));
   NS_ENSURE_TRUE(uri, false);
 
-  return uri->SchemeIs("chrome");
+  bool isChrome = false;
+  return NS_SUCCEEDED(uri->SchemeIs("chrome", &isChrome)) && isChrome;
 }
 
 // This function loads a particular XBL file and installs all of the bindings
 // onto the element.
 nsresult nsXBLService::LoadBindings(Element* aElement, nsIURI* aURL,
                                     nsIPrincipal* aOriginPrincipal,
                                     nsXBLBinding** aBinding) {
   MOZ_ASSERT(aOriginPrincipal, "Must have an origin principal");
@@ -672,17 +678,20 @@ static bool MayBindToContent(nsXBLProtot
     return true;
   }
 
   // One last special case: we need to watch out for in-document data: URI
   // bindings from remote-XUL-whitelisted domains (especially tests), because
   // they end up with a null principal (rather than inheriting the document's
   // principal), which causes them to fail the check above.
   if (nsContentUtils::AllowXULXBLForPrincipal(aBoundElement->NodePrincipal())) {
-    if (aURI->SchemeIs("data")) {
+    bool isDataURI = false;
+    nsresult rv = aURI->SchemeIs("data", &isDataURI);
+    NS_ENSURE_SUCCESS(rv, false);
+    if (isDataURI) {
       return true;
     }
   }
 
   // Disallow.
   return false;
 }
 
@@ -899,19 +908,19 @@ nsresult nsXBLService::LoadBindingDocume
   }
 #endif
 
   if (!info) {
     // Finally, if all lines of defense fail, we go and fetch the binding
     // document.
 
     // Always load chrome synchronously
-    if (documentURI->SchemeIs("chrome")) {
+    bool chrome;
+    if (NS_SUCCEEDED(documentURI->SchemeIs("chrome", &chrome)) && chrome)
       aForceSyncLoad = true;
-    }
 
     nsCOMPtr<Document> document;
     rv = FetchBindingDocument(aBoundElement, aBoundDocument, documentURI,
                               aBindingURI, aOriginPrincipal, aForceSyncLoad,
                               getter_AddRefs(document));
     NS_ENSURE_SUCCESS(rv, rv);
 
     if (document) {
--- a/dom/xhr/XMLHttpRequestMainThread.cpp
+++ b/dom/xhr/XMLHttpRequestMainThread.cpp
@@ -1082,18 +1082,19 @@ void XMLHttpRequestMainThread::GetAllRes
       aResponseHeaders.AppendLiteral(";charset=");
       aResponseHeaders.Append(value);
     }
     aResponseHeaders.AppendLiteral("\r\n");
   }
 
   // Don't provide Content-Length for data URIs
   nsCOMPtr<nsIURI> uri;
+  bool isDataURI;
   if (NS_FAILED(mChannel->GetURI(getter_AddRefs(uri))) ||
-      !uri->SchemeIs("data")) {
+      NS_FAILED(uri->SchemeIs("data", &isDataURI)) || !isDataURI) {
     int64_t length;
     if (NS_SUCCEEDED(mChannel->GetContentLength(&length))) {
       aResponseHeaders.AppendLiteral("Content-Length: ");
       aResponseHeaders.AppendInt(length);
       aResponseHeaders.AppendLiteral("\r\n");
     }
   }
 }
--- a/dom/xml/XMLDocument.cpp
+++ b/dom/xml/XMLDocument.cpp
@@ -312,17 +312,18 @@ bool XMLDocument::Load(const nsAString& 
     aRv.Throw(rv);
     return false;
   }
 
   if (nsContentUtils::IsSystemPrincipal(principal)) {
     // We're called from chrome, check to make sure the URI we're
     // about to load is also chrome.
 
-    if (!uri->SchemeIs("chrome")) {
+    bool isChrome = false;
+    if (NS_FAILED(uri->SchemeIs("chrome", &isChrome)) || !isChrome) {
       nsAutoString error;
       error.AssignLiteral(
           "Cross site loading using document.load is no "
           "longer supported. Use XMLHttpRequest instead.");
       nsCOMPtr<nsIScriptError> errorObject =
           do_CreateInstance(NS_SCRIPTERROR_CONTRACTID, &rv);
       if (NS_FAILED(rv)) {
         aRv.Throw(rv);
--- a/dom/xslt/xslt/txMozillaStylesheetCompiler.cpp
+++ b/dom/xslt/xslt/txMozillaStylesheetCompiler.cpp
@@ -244,17 +244,18 @@ txStylesheetSink::OnStartRequest(nsIRequ
 
   nsAutoCString contentType;
   channel->GetContentType(contentType);
 
   // Time to sniff! Note: this should go away once file channels do
   // sniffing themselves.
   nsCOMPtr<nsIURI> uri;
   channel->GetURI(getter_AddRefs(uri));
-  if (uri->SchemeIs("file") &&
+  bool sniff;
+  if (NS_SUCCEEDED(uri->SchemeIs("file", &sniff)) && sniff &&
       contentType.EqualsLiteral(UNKNOWN_CONTENT_TYPE)) {
     nsresult rv;
     nsCOMPtr<nsIStreamConverterService> serv =
         do_GetService("@mozilla.org/streamConverters;1", &rv);
     if (NS_SUCCEEDED(rv)) {
       nsCOMPtr<nsIStreamListener> converter;
       rv = serv->AsyncConvertData(UNKNOWN_CONTENT_TYPE, "*/*", mListener,
                                   mParser, getter_AddRefs(converter));
--- a/dom/xul/nsXULElement.cpp
+++ b/dom/xul/nsXULElement.cpp
@@ -1896,19 +1896,22 @@ nsresult nsXULPrototypeScript::Serialize
   JSContext* cx = jsapi.cx();
   JS::Rooted<JSScript*> script(cx, mScriptObject);
   MOZ_ASSERT(xpc::CompilationScope() == JS::CurrentGlobalOrNull(cx));
   return nsContentUtils::XPConnect()->WriteScript(aStream, cx, script);
 }
 
 nsresult nsXULPrototypeScript::SerializeOutOfLine(
     nsIObjectOutputStream* aStream, nsXULPrototypeDocument* aProtoDoc) {
-  if (!mSrcURI->SchemeIs("chrome"))
+  nsresult rv = NS_ERROR_NOT_IMPLEMENTED;
+
+  bool isChrome = false;
+  if (NS_FAILED(mSrcURI->SchemeIs("chrome", &isChrome)) || !isChrome)
     // Don't cache scripts that don't come from chrome uris.
-    return NS_ERROR_NOT_IMPLEMENTED;
+    return rv;
 
   nsXULPrototypeCache* cache = nsXULPrototypeCache::GetInstance();
   if (!cache) return NS_ERROR_OUT_OF_MEMORY;
 
   NS_ASSERTION(cache->IsEnabled(),
                "writing to the cache file, but the XUL cache is off?");
   bool exists;
   cache->HasData(mSrcURI, &exists);
@@ -1916,17 +1919,17 @@ nsresult nsXULPrototypeScript::Serialize
   /* return will be NS_OK from GetAsciiSpec.
    * that makes no sense.
    * nor does returning NS_OK from HasMuxedDocument.
    * XXX return something meaningful.
    */
   if (exists) return NS_OK;
 
   nsCOMPtr<nsIObjectOutputStream> oos;
-  nsresult rv = cache->GetOutputStream(mSrcURI, getter_AddRefs(oos));
+  rv = cache->GetOutputStream(mSrcURI, getter_AddRefs(oos));
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsresult tmp = Serialize(oos, aProtoDoc, nullptr);
   if (NS_FAILED(tmp)) {
     rv = tmp;
   }
   tmp = cache->FinishOutputStream(mSrcURI);
   if (NS_FAILED(tmp)) {
@@ -2006,19 +2009,23 @@ nsresult nsXULPrototypeScript::Deseriali
       // after any error, and that suffices to cause the script to
       // be reloaded (from the src= URI, if any) and recompiled.
       // We're better off slow-loading than bailing out due to a
       // error.
       if (NS_SUCCEEDED(rv))
         rv = Deserialize(objectInput, aProtoDoc, nullptr, nullptr);
 
       if (NS_SUCCEEDED(rv)) {
-        if (useXULCache && mSrcURI && mSrcURI->SchemeIs("chrome")) {
-          JS::Rooted<JSScript*> script(RootingCx(), GetScriptObject());
-          cache->PutScript(mSrcURI, script);
+        if (useXULCache && mSrcURI) {
+          bool isChrome = false;
+          mSrcURI->SchemeIs("chrome", &isChrome);
+          if (isChrome) {
+            JS::Rooted<JSScript*> script(RootingCx(), GetScriptObject());
+            cache->PutScript(mSrcURI, script);
+          }
         }
         cache->FinishInputStream(mSrcURI);
       } else {
         // If mSrcURI is not in the cache,
         // rv will be NS_ERROR_NOT_AVAILABLE and we'll try to
         // update the cache file to hold a serialization of
         // this script, once it has finished loading.
         if (rv != NS_ERROR_NOT_AVAILABLE) cache->AbortCaching();
--- a/toolkit/components/antitracking/AntiTrackingCommon.cpp
+++ b/toolkit/components/antitracking/AntiTrackingCommon.cpp
@@ -215,17 +215,20 @@ int32_t CookiesBehavior(nsILoadInfo* aLo
   // Bug 1537753.
   if (StaticPrefs::extensions_cookiesBehavior_overrideOnTopLevel() &&
       BasePrincipal::Cast(aTopLevelPrincipal)->AddonPolicy()) {
     return nsICookieService::BEHAVIOR_ACCEPT;
   }
 
   // WebExtensions 3rd party URI always get BEHAVIOR_ACCEPT as cookieBehavior,
   // this is semantically equivalent to the principal having a AddonPolicy().
-  if (a3rdPartyURI->SchemeIs("moz-extension")) {
+  bool is3rdPartyMozExt = false;
+  if (NS_SUCCEEDED(
+          a3rdPartyURI->SchemeIs("moz-extension", &is3rdPartyMozExt)) &&
+      is3rdPartyMozExt) {
     return nsICookieService::BEHAVIOR_ACCEPT;
   }
 
   nsCOMPtr<nsICookieSettings> cookieSettings;
   nsresult rv = aLoadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return nsICookieService::BEHAVIOR_REJECT;
   }
--- a/toolkit/components/antitracking/StorageAccess.cpp
+++ b/toolkit/components/antitracking/StorageAccess.cpp
@@ -133,18 +133,22 @@ static StorageAccess InternalStorageAllo
   // This means that behavior for storage with internal about: URIs should not
   // be affected, which is desireable due to the lack of automated testing for
   // about: URIs with these preferences set, and the importance of the correct
   // functioning of these URIs even with custom preferences.
   nsCOMPtr<nsIURI> uri = aURI;
   if (!uri) {
     Unused << aPrincipal->GetURI(getter_AddRefs(uri));
   }
-  if (uri && uri->SchemeIs("about")) {
-    return access;
+  if (uri) {
+    bool isAbout = false;
+    MOZ_ALWAYS_SUCCEEDS(uri->SchemeIs("about", &isAbout));
+    if (isAbout) {
+      return access;
+    }
   }
 
   if (!StorageDisabledByAntiTracking(aWindow, aChannel, aPrincipal, aURI,
                                      aRejectedReason)) {
     return access;
   }
 
   // We want to have a partitioned storage only for trackers.
--- a/toolkit/components/places/nsNavBookmarks.cpp
+++ b/toolkit/components/places/nsNavBookmarks.cpp
@@ -1914,17 +1914,20 @@ nsNavBookmarks::OnPageChanged(nsIURI* aU
     NS_ENSURE_SUCCESS(rv, rv);
     changeData.property = NS_LITERAL_CSTRING("favicon");
     changeData.isAnnotation = false;
     changeData.newValue = NS_ConvertUTF16toUTF8(aNewValue);
     changeData.bookmark.lastModified = 0;
     changeData.bookmark.type = TYPE_BOOKMARK;
 
     // Favicons may be set to either pure URIs or to folder URIs
-    if (aURI->SchemeIs("place")) {
+    bool isPlaceURI;
+    rv = aURI->SchemeIs("place", &isPlaceURI);
+    NS_ENSURE_SUCCESS(rv, rv);
+    if (isPlaceURI) {
       nsNavHistory* history = nsNavHistory::GetHistoryService();
       NS_ENSURE_TRUE(history, NS_ERROR_OUT_OF_MEMORY);
 
       nsCOMPtr<nsINavHistoryQuery> query;
       nsCOMPtr<nsINavHistoryQueryOptions> options;
       rv = history->QueryStringToQuery(changeData.bookmark.url,
                                        getter_AddRefs(query),
                                        getter_AddRefs(options));
--- a/toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp
+++ b/toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp
@@ -173,17 +173,18 @@ nsresult nsUrlClassifierStreamUpdater::F
     rv = AddRequestBody(aRequestPayload);
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
   // Set the appropriate content type for file/data URIs, for unit testing
   // purposes.
   // This is only used for testing and should be deleted.
   bool match;
-  if (aUpdateUrl->SchemeIs("file") || aUpdateUrl->SchemeIs("data")) {
+  if ((NS_SUCCEEDED(aUpdateUrl->SchemeIs("file", &match)) && match) ||
+      (NS_SUCCEEDED(aUpdateUrl->SchemeIs("data", &match)) && match)) {
     mChannel->SetContentType(
         NS_LITERAL_CSTRING("application/vnd.google.safebrowsing-update"));
   } else {
     // We assume everything else is an HTTP request.
 
     // Disable keepalive.
     nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(mChannel, &rv);
     NS_ENSURE_SUCCESS(rv, rv);
--- a/toolkit/components/windowwatcher/nsWindowWatcher.cpp
+++ b/toolkit/components/windowwatcher/nsWindowWatcher.cpp
@@ -612,17 +612,17 @@ nsresult nsWindowWatcher::OpenWindowInte
   // We expect BrowserParent to have provided us the absolute URI of the window
   // we're to open, so there's no need to call URIfromURL (or more importantly,
   // to check for a chrome URI, which cannot be opened from a remote tab).
   if (aUrl) {
     rv = URIfromURL(aUrl, aParent, getter_AddRefs(uriToLoad));
     if (NS_FAILED(rv)) {
       return rv;
     }
-    uriToLoadIsChrome = uriToLoad->SchemeIs("chrome");
+    uriToLoad->SchemeIs("chrome", &uriToLoadIsChrome);
   }
 
   bool nameSpecified = false;
   if (aName) {
     CopyUTF8toUTF16(MakeStringSpan(aName), name);
     nameSpecified = true;
   } else {
     name.SetIsVoid(true);
--- a/toolkit/mozapps/extensions/AddonContentPolicy.cpp
+++ b/toolkit/mozapps/extensions/AddonContentPolicy.cpp
@@ -107,18 +107,20 @@ AddonContentPolicy::ShouldLoad(nsIURI* a
 
   if (!requestOrigin) {
     return NS_OK;
   }
 
   // Only apply this policy to requests from documents loaded from
   // moz-extension URLs, or to resources being loaded from moz-extension URLs.
   bool equals;
-  if (!(aContentLocation->SchemeIs("moz-extension") ||
-        requestOrigin->SchemeIs("moz-extension"))) {
+  if (!((NS_SUCCEEDED(aContentLocation->SchemeIs("moz-extension", &equals)) &&
+         equals) ||
+        (NS_SUCCEEDED(requestOrigin->SchemeIs("moz-extension", &equals)) &&
+         equals))) {
     return NS_OK;
   }
 
   if (contentType == nsIContentPolicy::TYPE_SCRIPT) {
     NS_ConvertUTF8toUTF16 typeString(aMimeTypeGuess);
     nsContentTypeParser mimeParser(typeString);
 
     // Reject attempts to load JavaScript scripts with a non-default version.
--- a/toolkit/mozapps/extensions/AddonManagerWebAPI.cpp
+++ b/toolkit/mozapps/extensions/AddonManagerWebAPI.cpp
@@ -50,17 +50,19 @@ static bool IsValidHost(const nsACString
 
 // Checks if the given uri is secure and matches one of the hosts allowed to
 // access the API.
 bool AddonManagerWebAPI::IsValidSite(nsIURI* uri) {
   if (!uri) {
     return false;
   }
 
-  if (!uri->SchemeIs("https")) {
+  bool isSecure;
+  nsresult rv = uri->SchemeIs("https", &isSecure);
+  if (NS_FAILED(rv) || !isSecure) {
     if (!(xpc::IsInAutomation() &&
           Preferences::GetBool("extensions.webapi.testing.http", false))) {
       return false;
     }
   }
 
   nsAutoCString host;
   rv = uri->GetHost(host);
--- a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp
+++ b/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp
@@ -170,17 +170,20 @@ static nsresult GetProxyFromEnvironment(
 
   // Use our URI parser to crack the proxy URI
   nsCOMPtr<nsIURI> proxyURI;
   nsresult rv = NS_NewURI(getter_AddRefs(proxyURI), proxyVal);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Is there a way to specify "socks://" or something in these environment
   // variables? I can't find any documentation.
-  if (!proxyURI->SchemeIs("http")) return NS_ERROR_UNKNOWN_PROTOCOL;
+  bool isHTTP;
+  rv = proxyURI->SchemeIs("http", &isHTTP);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (!isHTTP) return NS_ERROR_UNKNOWN_PROTOCOL;
 
   nsAutoCString proxyHost;
   rv = proxyURI->GetHost(proxyHost);
   NS_ENSURE_SUCCESS(rv, rv);
 
   int32_t proxyPort;
   rv = proxyURI->GetPort(&proxyPort);
   NS_ENSURE_SUCCESS(rv, rv);
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -996,21 +996,26 @@ nsXULAppInfo::GetServerURL(nsIURL** aSer
   url = do_QueryInterface(uri);
   NS_ADDREF(*aServerURL = url);
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsXULAppInfo::SetServerURL(nsIURL* aServerURL) {
-  // Only allow https or http URLs
-  if (!aServerURL->SchemeIs("http") && !aServerURL->SchemeIs("https")) {
-    return NS_ERROR_INVALID_ARG;
-  }
-
+  bool schemeOk;
+  // only allow https or http URLs
+  nsresult rv = aServerURL->SchemeIs("https", &schemeOk);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (!schemeOk) {
+    rv = aServerURL->SchemeIs("http", &schemeOk);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    if (!schemeOk) return NS_ERROR_INVALID_ARG;
+  }
   nsAutoCString spec;
   rv = aServerURL->GetSpec(spec);
   NS_ENSURE_SUCCESS(rv, rv);
 
   return CrashReporter::SetServerURL(spec);
 }
 
 NS_IMETHODIMP