Bug 1137179 - Add wildcard support to the static fallback list. r=keeler, a=lsblakk
authorMasatoshi Kimura <VYV03354@nifty.ne.jp>
Wed, 04 Mar 2015 05:55:00 -0500
changeset 250235 70d3a14eab61
parent 250234 1f4073c76b2b
child 250236 729cf69ef43f
push id4523
push userryanvm@gmail.com
push date2015-03-04 17:35 +0000
treeherdermozilla-beta@729cf69ef43f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler, lsblakk
bugs1137179
milestone37.0
Bug 1137179 - Add wildcard support to the static fallback list. r=keeler, a=lsblakk
security/manager/ssl/src/IntolerantFallbackList.inc
security/manager/ssl/src/nsNSSIOLayer.cpp
security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
--- a/security/manager/ssl/src/IntolerantFallbackList.inc
+++ b/security/manager/ssl/src/IntolerantFallbackList.inc
@@ -4,61 +4,58 @@
 
 ///////////////////////////////////////////////////////////////////////////////
 // This is an automatically generated file. If you're not
 // nsNSSIOLayer.cpp, you shouldn't be #including it.
 ///////////////////////////////////////////////////////////////////////////////
 
 static const char* const kIntolerantFallbackList[] =
 {
+  "23andme.com", // bug 1136376
+  "a127-jobs.nyc.gov", // bug 1134709
   "aacoprod.aacounty.org",
   "access.uwstout.edu",
   "account.61.com.tw",
   "acs.sia.eu", // RC4
   "actiononline.stpete.org",
   "actu.reunion.fr",
   "ad401k.sbisec.co.jp",
   "adman.you.gr",
-  "adsearch.kuronekoyamato.co.jp", // bug 1128366
   "affiliatewalla.com",
   "airportwifi.com", // bug 1116891
   "allyours.virginmedia.com",
   "amss.mobilicity.ca",
   "ap.meitetsuunyu.co.jp",
   "apps.amerch.com",
   "apps.fpcu.org",
   "apps.sasken.com",
   "apps.state.or.us", // bug 1130472
   "appsrv.restat.com",
   "arts.ac.uk",
   "ascii.jp",
   "asiaenglish.visitkorea.or.kr",
   "asiointi.hel.fi",
   "asknow.com",
-  "auction.kuronekoyamato.co.jp", // bug 1128366
   "b2b.feib.com.tw",
   "bcccbookstore.bccc.edu",
   "bedrijfsprofiel.graydon.nl",
   "beehive.miit.ru",
   "bettertrades.com",
   "bianmin.chinapay.com",
   "big5chinese.visitkorea.or.kr",
   "bigflix.com",
   "blackboard.tru.ca",
   "blogwatcher.co.jp",
   "blueportal.vanmarcke.be",
-  "bmypage.kuronekoyamato.co.jp", // bug 1128366
-  "bmypageapi.kuronekoyamato.co.jp", // bug 1128366
-  "books.spec.whatwg.org", // RC4
+  "bonds.euronext.com", // bug 1136091
   "books.wwnorton.com", // bug 1116891
   "bookstore.alma.edu",
   "bookstore.assumption.edu",
   "bookstore.bsc.edu",
   "bookstore.calbaptist.edu",
-  "bookstore.cleary.edu",
   "bookstore.doane.edu",
   "bookstore.drury.edu",
   "bookstore.grinnell.edu",
   "bookstore.hacc.edu",
   "bookstore.hancockcollege.edu",
   "bookstore.icc.edu",
   "bookstore.northern.edu",
   "bookstore.ntc.edu",
@@ -68,137 +65,117 @@ static const char* const kIntolerantFall
   "bookstore.smc.edu",
   "bookstore.snu.edu",
   "bookstore.sunyjefferson.edu",
   "bookstore.tridenttech.edu",
   "bookstore.wbu.edu",
   "bookstore.wscc.edu",
   "bursar.ou.edu",
   "buttons.verticalresponse.com",
-  "buy.liker.com.tw",
-  "c2.kuronekoyamato.co.jp", // bug 1128366
   "c2g.jupiter.fl.us",
-  "carcraft.co.uk",
+  "canadaca.geotrust.com", // bug 1137677
   "cart.pcpitstop.com", // bug 1116891
   "cbsfilms.epk.tv",
   "cbsfnotes1.blood.org.tw",
   "central.acadiau.ca",
   "chinese.visitkorea.or.kr",
-  "chintai.mibucorp.co.jp",
   "click2gov.alpharetta.ga.us",
   "click2gov.sanangelotexas.us",
   "clientes.chilectra.cl",
   "club.guosen.com.cn",
-  "cmypage.kuronekoyamato.co.jp", // bug 1112110
   "coagov.aurora-il.org",
   "codem.codemasters.com",
   "collegestore.hfcc.edu",
   "comune.milano.it",
-  "contact-us.kuronekoyamato.co.jp", // bug 1128366
   "corporate.webfg.com",
   "corporbank.nbcb.com.cn",
   "coursecatalog.harvard.edu",
   "courtapps.utcourts.gov",
   "crm.et2008.com",
   "crossroads.schneider.com",
   "crypticstudios.com",
   "cs.tokai-tv.com",
   "cualerts.dupaco.com", // bug 1116892
   "cwu.edu",
   "dbank.hxb.com.cn",
   "dealer.autobytel.com",
   "dealer.autoc-one.jp",
   "developer.fsmoffice.net",
   "developer.palm.com",
-  "developers.whatwg.org", // RC4
   "dheb.delavska-hranilnica.si",
   "digibet.com",
   "dinsmore.fsmoffice.net",
   "direct-teleshop.jp",
   "direct.graydon.nl",
-  "docrecycle.kuronekoyamato.co.jp", // bug 1128366
-  "domparsing.spec.whatwg.org",
   "dream-prize.com",
   "dwwsyw.bjgjj.gov.cn",
   "e-mediador.fiatc.es",
   "e-profesional.fiatc.es",
   "eagleslanding.lamission.edu",
   "eatm.scsb.com.tw",
   "ebank-public.hzbank.com.cn",
   "ebank.accessbankplc.com",
   "ebank.hxb.com.cn",
   "ebank.hzbank.com.cn",
   "ebpp.airtel.lk",
   "ec-line.cn",
-  "ec.kotoha.co.jp",
   "echo.com",
   "echotrak.com",
   "ecourses.uthscsa.edu",
   "egov.leaguecity.com",
   "emaildvla.direct.gov.uk", // bug 1116891
-  "encoding.spec.whatwg.org", // RC4
   "english.visitkorea.or.kr",
   "epk.tv",
   "epolicija.lt",
   "eservices.palomar.edu",
   "etimebanker.bankofthewest.com", // bug 1127204
   "etrade.ftft.com.tw",
   "eu.static.mega.co.nz", // bug 1133496
   "event.kasite.net",
   "extra.ytk.fi",
   "extranet.eurocontrol.int",
   "ez.cityofchesapeake.net",
   "ezpay.com.tw",
   "fallback.test", // Used by gtest
   "fastlane.echo.com",
-  "fetch.spec.whatwg.org", // RC4
   "fhbonline.fhb.com",
-  "figures.spec.whatwg.org", // RC4
   "finance.car.com",
   "followupfactory.fsmoffice.net",
-  "form.kuronekoyamato.co.jp", // bug 1128366
   "french.visitkorea.or.kr",
   "friends.freshandeasy.com",
   "fsmoffice.net",
   "ftisystem.fsmoffice.net",
   "fubar.com",
-  "fullscreen.spec.whatwg.org", // RC4
   "gateway.halton.gov.uk",
   "gbe-bund.de",
   "german.visitkorea.or.kr",
   "gestion.urjc.es",
   "giftcertificates.com",
-  "golfsearch.kuronekoyamato.co.jp", // bug 1128366
   "gosignmeup.com", // bug 1116891
   "gotimeforce.com",
   "hb.posted.co.rs",
   "hercle.com",
   "hikkoshi.homes.co.jp",
-  "hollowayusa.com",
   "home.hi-ho.ne.jp",
   "hoosierlottery.com",
   "household.endsleigh.co.uk",
   "hpshop.gr",
   "hr.templehealth.org",
-  "html.spec.whatwg.org", // RC4
   "identity.virginmedia.com", // bug 1129887
   "iezukuri.homes.co.jp",
   "ifueltech.fsmoffice.net",
   "ifund.allianzglobalinvestors.com.tw",
   "ihr.suburbanpropane.com",
   "images.bankofthewest.com", // bug 1127204
   "inquire.homes.co.jp",
   "inside.i-med.ac.at",
   "its.bocmacau.com",
   "ividmail.fsmoffice.net",
   "japanese.visitkorea.or.kr",
-  "javascript.spec.whatwg.org", // RC4
-  "jhct.co.jp",
   "jifenpay.com",
-  "jizen.kuronekoyamato.co.jp", // bug 1128366
   "jookey.jp",
   "juror.fairfaxcounty.gov",
   "kaigo.homes.co.jp",
   "kc.uthscsa.edu",
   "keirin.jp",
   "kfeducation.com",
   "kjp.keinet.ne.jp",
   "kjp.oo.kawai-juku.ac.jp",
@@ -208,222 +185,191 @@ static const char* const kIntolerantFall
   "korean.visitkorea.or.kr",
   "learn.ou.edu",
   "learn.swosu.edu",
   "library.indigo.ca",
   "lm-order.de",
   "login.chicagopolice.org",
   "login.ermis.gov.gr",
   "lsc.okb.co.jp",
-  "ltr.kotoha.co.jp",
   "m.cacu.com",
   "m.e-hon.ne.jp",
-  "m.getawaytoday.com", // bug 1116891
   "maakoalifestyle.fsmoffice.net",
   "mail.izhnet.ru",
   "mailoffer.merrickbank.com",
   "map.infonavit.org.mx",
-  "maplink.kuronekoyamato.co.jp", // bug 1128366
   "marketday.com", // bug 1092998
   "mbrapp.fpcu.org",
   "mccbookstore.mchenry.edu",
   "mecsumai.com",
-  "meiji-jisho.com",
   "member.edenredticket.com",
   "membres.fdj.fr",
   "merchant.edenredticket.com",
   "merrickbank.com",
   "meta-ehealth.com",
   "mijn.graydon.nl",
-  "mimesniff.spec.whatwg.org", // RC4
   "miportal.urjc.es",
   "mobile.dream-prize.com",
-  "mobile.kuronekoyamato.co.jp", // bug 1128366
-  "mobileotodoke.kuronekoyamato.co.jp", // bug 1128366
   "mon-ulb.ulb.ac.be",
   "mwed.jp",
   "my.arts.ac.uk",
   "my.csmd.edu",
   "my.csudh.edu",
   "my.kyivstar.ua",
   "my.miit.ru",
   "my.officef5.com",
   "myaccount.boostmobile.com", // bug 1112178
   "mybank.nbcb.com.cn",
   "mybanner.gvsu.edu",
   "myhancock.hancockcollege.edu",
-  "myhomest.co.jp",
   "myntc.ntc.edu",
   "mypage.homes.co.jp",
-  "mytoi.kuronekoyamato.co.jp", // bug 1128366
   "myuws.uws.edu.au",
   "nbank.hxb.com.cn",
   "nbc.epk.tv",
   "netbolsa.bpinet.pt", // bug 1132399
   "niche.endsleigh.co.uk",
   "nmsmp.alsok.co.jp",
   "no1.nipponrentacar.co.jp",
-  "notifications.spec.whatwg.org", // RC4
   "obos1.obos.no",
   "officevp.fsmoffice.net",
-  "okurijyoinji.kuronekoyamato.co.jp", // bug 1128366
   "online.informs.org",
-  "online.nawbo.org",
   "online.newindia.co.in",
   "online.sainsburysbank.co.uk",
   "opi.emersonclimate.com",
   "opus.pinellascounty.org",
   "orix-realestate.co.jp",
-  "otodoke.kuronekoyamato.co.jp", // bug 1128366
   "ow2.orderwave.com",
   "owa.byui.edu",
   "ozone.ou.edu",
   "parents.ou.edu",
   "parionsweb.fdj.fr",
   "parionsweb.fr",
   "pay3.chinabank.com.cn",
   "payment.safepass.cn",
   "paymentshq.achfederal.com",
   "paysys.gooooal.com",
   "peoples.com",
   "poezd.rw.by",
   "portal.eztec.com.br",
   "portal.questonline.gr",
   "portal.uem.es",
-  "products.geotrust.com",
-  "products.thawte.com",
   "profiles.uthscsa.edu",
   "pts.club-g-po.jp",
   "publicacionesoficiales.boe.es",
   "publicjobs.ie",
   "publicrecords.com",
-  "quirks.spec.whatwg.org", // RC4
   "rakuraku-market.com",
-  "rcp.kotoha.co.jp",
   "realestate.homes.co.jp",
   "recruit.nurse-senka.com",
   "reform.homes.co.jp",
   "registration.o2.co.uk",
   "relativitymedia.epk.tv",
   "renewals.cipd.co.uk",
   "repair.kuroneko-kadendr.jp", // bug 1128366
   "repairmb.kuroneko-kadendr.jp", // bug 1128366
   "reputation.com",
   "research-report.uws.edu.au",
   "reserve.opas.jp",
-  "resources.whatwg.org", // RC4
-  "rpg.kotoha.co.jp",
   "russian.visitkorea.or.kr",
   "s.aiasahi.jp",
-  "sales.mibucorp.co.jp",
   "sales.newchinalife.com",
   "sbank.hxb.com.cn",
   "sboseweb.mcpsweb.org",
   "school.keystoneschoolonline.com",
   "schweser.com",
   "secure-checkout.t-mobile.com", // bug 1133648
   "secure.bg-mania.jp",
   "secure.fortisbc.com",
   "secure.missouristate.edu",
   "secure.smartcart.com",
   "securedcard.merrickbank.com",
   "secureonline.dwp.gov.uk",
   "sems.hrd.ccsd.net",
   "service.autoc-one.jp",
   "services.apvma.gov.au",
+  "services.geotrust.com", // bug 1137677
   "servizionline.infogroup.it",
-  "sgp.kotoha.co.jp",
   "shinchiku.homes.co.jp",
-  "ship-book.kuronekoyamato.co.jp", // bug 1128366
   "shop.autoc-one.jp",
   "shop.kagome.co.jp",
   "shop.lococom.jp",
   "shop.maxim-ic.com",
   "shop.nanairo.coop", // bug 1128318
   "sigeduweb.udesa.edu.ar",
   "sirius.ws.ryukoku.ac.jp",
   "sisweb.ucd.ie",
   "slovanet.sk",
   "smartcart.com",
-  "smarticon.geotrust.com",
-  "smp-cmypage.kuronekoyamato.co.jp", // bug 1128366
+  "smarticon.geotrust.com", // bug 1137677
+  "soeasy.sodexo.be", // bug 1117157
   "sony.epk.tv",
   "spanish.visitkorea.or.kr",
-  "spp.kotoha.co.jp",
   "ss2.sfcollege.edu",
   "ss5.sfcollege.edu",
-  "ssl.0634.co.jp",
   "ssl.safaribooksonline.com", // bug 1133940
   "startrekonline.com",
   "store.closetmaid.com",
   "store.morningside.edu",
   "store.moxa.com",
-  "streams.spec.whatwg.org", // RC4
   "stub.com",
   "stubpass.com",
   "sumai.homes.co.jp",
   "support.crypticstudios.com",
   "support.ticketseating.com",
   "support.ticketsupply.com",
   "svrch13.sugarlandtx.gov",
-  "syuhai.kuronekoyamato.co.jp", // bug 1128366
   "syzygy.co.uk",
-  "takuhai-locker.kuronekoyamato.co.jp", // bug 1128366
   "taxbill365.com",
   "tele2.hr",
-  "tenkyo-tenso.kuronekoyamato.co.jp", // bug 1128366
   "thebookstore.tru.ca",
   "ticketseating.com",
   "ticketsupply.com",
   "tienda.boe.es",
   "todentaminen.posti.fi",
   "toushi.homes.co.jp",
   "trade.hsfund.com",
   "trueblue.jetblue.com",
-  "tsuhanshokai.kuronekoyamato.co.jp", // bug 1128366
-  "uketori.kuronekoyamato.co.jp", // bug 1128366
   "universal.epk.tv",
-  "url.spec.whatwg.org", // RC4
   "userdoor.com",
   "uslugi.beeline.am",
   "uslugi.beeline.kz",
   "utahbar.org", // bug 1127611
   "utradehub.or.kr",
   "uxxiportal.upct.es",
   "verkkokauppa.posti.fi",
   "vod.skyperfectv.co.jp",
   "web3.secureinternetbank.com", // bug 1111354
   "webapps.ou.edu",
   "webatm.landbank.com.tw",
   "webctmt.lau.edu.lb",
   "webmail.iyte.edu.tr",
   "websiti.cnbv.gob.mx",
   "webtv.tv2.no",
   "whataburger.com",
-  "whatwg.org", // RC4
-  "wiki.whatwg.org", // RC4
+  "whatwg.org", // bug 1137079
   "wis.ntu.edu.sg",
   "world-family.co.jp",
   "wszg.nbcs.gov.cn",
   "www.3zai.com",
   "www.accessingram.com",
   "www.acgov.org",
+  "www.aeroplan.com", // bug 1137543
   "www.affiliatewalla.com",
   "www.allinpay.com",
   "www.alphashirt.com",
   "www.ancelutil.com.uy",
   "www.animate-onlineshop.jp", // bug 1126652
   "www.apeasternpower.com",
   "www.apita.co.jp",
   "www.applied.com",
   "www.araggroup.com",
   "www.araglegalcenter.com",
   "www.arts.ac.uk",
   "www.asknow.com",
-  "www.augustasportswear.com",
   "www.auroragov.org",
   "www.bancocredichile.cl",
   "www.bancofrances.com.ar",
   "www.bankofthewest.com", // bug 1127204
   "www.bauschonline.com",
   "www.bbsfonline.com",
   "www.bettertrades.com",
   "www.bigflix.com",
@@ -432,27 +378,26 @@ static const char* const kIntolerantFall
   "www.bm-sms.co.jp",
   "www.bmfsfj.de",
   "www.boe.es",
   "www.bookstore.ccbcmd.edu",
   "www.bookstore.csi.edu",
   "www.bookstore.irsc.edu",
   "www.bookstore.mtu.edu",
   "www.bookstore.westga.edu",
-  "www.boostmobilesales.com", // 1112178
+  "www.boostmobilesales.com", // bug 1112178
   "www.borsaitaliana.it",
   "www.bottegaverde.es",
   "www.bottegaverde.it",
   "www.bottegaverde.pt",
   "www.bpionline.pt",
   "www.brb.com.br",
   "www.bundespruefstelle.de",
   "www.businessdirect.bt.com",
   "www.cafedumonde.jp",
-  "www.carcraft.co.uk",
   "www.care-mane.com",
   "www.careers.asio.gov.au",
   "www.chinapay.com",
   "www.cihi.ca",
   "www.cipd.co.uk",
   "www.club-animate.jp",
   "www.cngcorp.com",
   "www.coastcapitalsavings.com", // bug 1132540
@@ -484,27 +429,27 @@ static const char* const kIntolerantFall
   "www.econda-monitor.de",
   "www.emihub.com",
   "www.epk.tv",
   "www.epolicija.lt",
   "www.ermis.gov.gr",
   "www.erneuerbare-energien.de",
   "www.esadealumni.net",
   "www.esavingsaccount.co.uk",
+  "www.euronext.com", // bug 1136091
   "www.everyd.com",
   "www.expogrupo.com",
   "www.expohotelbarcelona.com",
   "www.ezpay.com.tw",
   "www.familien-wegweiser.de",
   "www.fdj.fr",
   "www.fj96336.com",
   "www.fn-neon.de",
   "www.foerderdatenbank.de",
   "www.fontainebleau.com",
-  "www.fora.se",
   "www.foundersc.com",
   "www.fsmoffice.net",
   "www.fubar.com",
   "www.fundsupermart.co.in",
   "www.gamers-onlineshop.jp", // bug 1126654
   "www.gbe-bund.de",
   "www.gestion.urjc.es",
   "www.giftcertificates.com",
@@ -512,72 +457,66 @@ static const char* const kIntolerantFall
   "www.gosignmeup.com", // bug 1116891
   "www.gotimeforce.com",
   "www.gtja.com",
   "www.hankyu-club.com",
   "www.haynes.co.uk",
   "www.hctmall.com.tw",
   "www.hercle.com",
   "www.hitachi-ies.co.jp",
-  "www.hollowayusa.com",
   "www.hoosierlottery.com",
   "www.hotel-story.ne.jp",
   "www.hpshop.gr",
   "www.hsbank.cc",
   "www.htsec.com",
   "www.hx168.com.cn",
-  "www.i-misdo.com",
   "www.iezukuri-net.com",
   "www.ingramentertainment.com",
   "www.interpark.com",
   "www.jaf.or.jp",
-  "www.jhct.co.jp",
   "www.jifenpay.com",
   "www.kaigojob.com",
   "www.kasite.net",
   "www.kfeducation.com",
   "www.khan.co.kr",
   "www.komatsu-kenki.co.jp",
   "www.komatsu.co.jp",
   "www.komatsu.com",
-  "www.kotoha.co.jp",
   "www.kracie.co.jp",
   "www.kredodirect.com.ua", // bug 1095507
   "www.kyusai.co.jp",
   "www.law888.com.tw",
   "www.learndoj.gov",
   "www.lib.cwu.edu",
   "www.libraryvideo.com",
   "www.licadho-cambodia.org", // bug 1133312
   "www.lm-order.de",
   "www.lococom.jp",
   "www.londonstockexchange.com",
   "www.marenostrumresort.com",
   "www.marketday.com", // bug 1092998
   "www.matkahuolto.info",
   "www.matrics.or.jp",
   "www.mecsumai.com",
-  "www.meiji-jisho.com",
   "www.mercatoneuno.com",
   "www.merrickbank.com",
   "www.meta-ehealth.com",
   "www.miracle-ear.com",
   "www.misterdonut.jp",
   "www.mizuno.jp",
   "www.mizunoshop.net",
   "www.monclick.fr",
   "www.monclick.it",
   "www.mopera.net",
   "www.mp2.aeroport.fr",
   "www.mpay.co.th",
   "www.mtsindia.in", // RC4
   "www.mwed.jp",
-  "www.my.airdo.jp",
+  "www.my.airdo.jp", // bug 1129773
   "www.mydress.com.tw",
-  "www.myhomest.co.jp",
   "www.mynpcdata.net",
   "www.nec-nexs.com",
   "www.neways.com",
   "www.newaysonline.com",
   "www.newchinalife.com",
   "www.nishi.or.jp",
   "www.nursejinzaibank.com",
   "www.orix-realestate.co.jp",
@@ -587,17 +526,16 @@ static const char* const kIntolerantFall
   "www.outlet01.com.tw",
   "www.oxendales.co.uk",
   "www.parionsweb.fr",
   "www.partnerandaffinitycards.co.uk", // RC4
   "www.pen-kanagawa.ed.jp",
   "www.peoples.com",
   "www.point-tactix.jp",
   "www.polla.cl",
-  "www.popehat.com", // RC4
   "www.priate.jp",
   "www.publicjobs.ie",
   "www.publicrecords.com",
   "www.purenurse.com",
   "www.pwcrecruiting.com",
   "www.razorgator.com",
   "www.renaultcredit.com.ar",
   "www.reputation.com",
@@ -605,16 +543,17 @@ static const char* const kIntolerantFall
   "www.rubriquefidelite.com",
   "www.s-book.net",
   "www.safepass.cn",
   "www.sandiegoimmunizationregistry.org",
   "www.schweser.com",
   "www.secure.missouristate.edu",
   "www.sendwordnow.com",
   "www.session.ne.jp",
+  "www.shadertoy.com", // bug 1137444
   "www.shanghaigm.com",
   "www.shiki.jp",
   "www.shinsei.e-aichi.jp",
   "www.shop.bt.com",
   "www.sihd-bk.jp",
   "www.sikatoru.com",
   "www.slovanet.sk",
   "www.smartcart.com",
@@ -646,33 +585,35 @@ static const char* const kIntolerantFall
   "www.ur-net.go.jp",
   "www.userdoor.com",
   "www.utahbar.org", // bug 1127611
   "www.utradehub.or.kr",
   "www.virgin.net",
   "www.visitkorea.or.kr",
   "www.wavecable.com",
   "www.whataburger.com",
-  "www.whatwg.org", // RC4
   "www.wingarc.com",
   "www.world-family.co.jp",
   "www.xm-l-tax.gov.cn",
   "www.yakult.co.kr",
   "www.yuuka.co.jp",
   "www.zenfolio.com",
   "www.zoominfo.com",
-  "www1.ibercajadirecto.com",
-  "www10.sim.edu.sg",
+  "www1.aeroplan.com", // bug 1137543
+  "www2.aeroplan.com", // bug 1137543
+  "www2.bancobrasil.com.br", // bug 1135966
   "www2.seibu.jp",
   "www2.shueisha.co.jp",
   "www2.sogo-gogo.com",
   "www2.wou.edu",
+  "www3.aeroplan.com", // bug 1137543
   "www3.econ.ne.jp",
   "www3.ibac.co.jp",
   "www3.taiheiyo-ferry.co.jp",
+  "www4.aeroplan.com", // bug 1137543
   "www4.econ.ne.jp",
+  "www41.bb.com.br", // bug 1135966
   "www5.econ.ne.jp",
   "wwws.kadokawa.co.jp",
-  "xhr.spec.whatwg.org", // RC4
   "yeswellnesspro.fsmoffice.net",
   "zenfolio.com",
   "zoominfo.com",
 };
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@@ -1880,26 +1880,44 @@ struct FallbackListComparator
   int operator()(const char* aVal) const {
     return strcmp(mTarget, aVal);
   }
 
 private:
   const char* mTarget;
 };
 
+static const char* const kFallbackWildcardList[] =
+{
+  ".kuronekoyamato.co.jp", // bug 1128366
+  ".userstorage.mega.co.nz", // bug 1133496
+  ".whatwg.org", // bug 1137079
+  ".wildcard.test",
+};
+
 bool
 nsSSLIOLayerHelpers::isInsecureFallbackSite(const nsACString& hostname)
 {
   size_t match;
-  if (mUseStaticFallbackList &&
-      BinarySearchIf(kIntolerantFallbackList, 0,
-        ArrayLength(kIntolerantFallbackList),
-        FallbackListComparator(PromiseFlatCString(hostname).get()),
-        &match)) {
-    return true;
+  if (mUseStaticFallbackList) {
+    const char* host = PromiseFlatCString(hostname).get();
+    if (BinarySearchIf(kIntolerantFallbackList, 0,
+          ArrayLength(kIntolerantFallbackList),
+          FallbackListComparator(host), &match)) {
+      return true;
+    }
+    for (size_t i = 0; i < ArrayLength(kFallbackWildcardList); ++i) {
+      size_t hostLen = hostname.Length();
+      const char* target = kFallbackWildcardList[i];
+      size_t targetLen = strlen(target);
+      if (hostLen > targetLen &&
+          !memcmp(host + hostLen - targetLen, target, targetLen)) {
+        return true;
+      }
+    }
   }
   MutexAutoLock lock(mutex);
   return mInsecureFallbackSites.Contains(hostname);
 }
 
 bool
 nsSSLIOLayerHelpers::isRenegoUnrestrictedSite(const nsCString& str)
 {
--- a/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
+++ b/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
@@ -596,37 +596,67 @@ TEST_F(TLSIntoleranceTest, TLS_Per_Site_
   ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
   ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
 }
 
 TEST_F(TLSIntoleranceTest, TLS_Static_Fallback_List)
 {
   NS_NAMED_LITERAL_CSTRING(fallback_test, "fallback.test");
   NS_NAMED_LITERAL_CSTRING(no_fallback_test, "no.fallback.test");
+  NS_NAMED_LITERAL_CSTRING(wildcard_test, "wildcard.test");
+  NS_NAMED_LITERAL_CSTRING(a_wildcard_test, "a.wildcard.test");
+  NS_NAMED_LITERAL_CSTRING(long_example_wildcard_test, "long.example.wildcard.test");
 
   helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_0;
   helpers.mUseStaticFallbackList = false;
 
   ASSERT_FALSE(helpers.fallbackLimitReached(fallback_test, SSL_LIBRARY_VERSION_TLS_1_2));
   ASSERT_FALSE(helpers.fallbackLimitReached(fallback_test, SSL_LIBRARY_VERSION_TLS_1_1));
   ASSERT_TRUE(helpers.fallbackLimitReached(fallback_test, SSL_LIBRARY_VERSION_TLS_1_0));
   ASSERT_FALSE(helpers.fallbackLimitReached(no_fallback_test, SSL_LIBRARY_VERSION_TLS_1_2));
   ASSERT_FALSE(helpers.fallbackLimitReached(no_fallback_test, SSL_LIBRARY_VERSION_TLS_1_1));
   ASSERT_TRUE(helpers.fallbackLimitReached(no_fallback_test, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(wildcard_test, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(wildcard_test, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(wildcard_test, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(a_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(a_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(a_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(long_example_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(long_example_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(long_example_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_0));
 
   helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
 
   ASSERT_TRUE(helpers.fallbackLimitReached(fallback_test, SSL_LIBRARY_VERSION_TLS_1_2));
   ASSERT_TRUE(helpers.fallbackLimitReached(fallback_test, SSL_LIBRARY_VERSION_TLS_1_1));
   ASSERT_TRUE(helpers.fallbackLimitReached(fallback_test, SSL_LIBRARY_VERSION_TLS_1_0));
   ASSERT_TRUE(helpers.fallbackLimitReached(no_fallback_test, SSL_LIBRARY_VERSION_TLS_1_2));
   ASSERT_TRUE(helpers.fallbackLimitReached(no_fallback_test, SSL_LIBRARY_VERSION_TLS_1_1));
   ASSERT_TRUE(helpers.fallbackLimitReached(no_fallback_test, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(wildcard_test, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(wildcard_test, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(wildcard_test, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(a_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(a_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(a_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(long_example_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(long_example_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(long_example_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_0));
 
   helpers.mUseStaticFallbackList = true;
 
   ASSERT_FALSE(helpers.fallbackLimitReached(fallback_test, SSL_LIBRARY_VERSION_TLS_1_2));
   ASSERT_FALSE(helpers.fallbackLimitReached(fallback_test, SSL_LIBRARY_VERSION_TLS_1_1));
   ASSERT_TRUE(helpers.fallbackLimitReached(fallback_test, SSL_LIBRARY_VERSION_TLS_1_0));
   ASSERT_TRUE(helpers.fallbackLimitReached(no_fallback_test, SSL_LIBRARY_VERSION_TLS_1_2));
   ASSERT_TRUE(helpers.fallbackLimitReached(no_fallback_test, SSL_LIBRARY_VERSION_TLS_1_1));
   ASSERT_TRUE(helpers.fallbackLimitReached(no_fallback_test, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(wildcard_test, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(wildcard_test, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(wildcard_test, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(a_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(a_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(a_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(long_example_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(long_example_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(long_example_wildcard_test, SSL_LIBRARY_VERSION_TLS_1_0));
 }