tab crash on redirect to microsoft authentication
Categories
(Core :: DOM: Web Authentication, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox120 | --- | unaffected |
| firefox121 | + | fixed |
| firefox122 | + | fixed |
People
(Reporter: cvandert, Assigned: jschanck)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-beta+
|
Details | Review |
2023-11-24T16:26:53.178000: DEBUG : Found commit message:
Bug 1858799 - expose an nsIWebAuthnService on Windows. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D190978
2023-11-24T16:26:53.178000: DEBUG : Did not find a branch, checking all integration branches
2023-11-24T16:26:53.182000: INFO : The bisection is done.
2023-11-24T16:26:53.185000: INFO : Stopped
|
||
Updated•1 year ago
|
|
||
Comment 1•1 year ago
|
||
:jschanck, since you are the author of the regressor, bug 1858799, could you take a look? Also, could you set the severity field?
For more information, please visit BugBot documentation.
|
Assignee | |
Comment 2•1 year ago
|
||
Can you reproduce this on https://webauthn.io? Does it happen for some types of WebAuthn requests and not others?
I can reproduce this bug on https://webauthn.io with nightly on my work desktop, which is updated to the latest cumulative updates for windows. On my laptop the tab crash does not occur with nightly. But this is not updated to the latest windows update yet: 2023-10 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5031356).
Hopefully this helps.
My desktop is updated to: Windows 10 Version 1809 for x64-based Systems (KB5032196)
|
||
Updated•1 year ago
|
|
||
Updated•1 year ago
|
|
|
Assignee | |
Comment 5•1 year ago
|
||
|
||
Updated•1 year ago
|
|
|
Assignee | |
Updated•1 year ago
|
|
||
Comment 7•1 year ago
|
||
| bugherder | ||
|
|
||
Comment 8•1 year ago
|
||
The patch landed in nightly and beta is affected.
:jschanck, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox121towontfix.
For more information, please visit BugBot documentation.
|
|
Assignee | |
Comment 9•1 year ago
|
||
Comment on attachment 9365667 [details]
Bug 1866614 - avoid reloading webauthn.dll if the library is not usable. r=keeler
Beta/Release Uplift Approval Request
- User impact if declined: A null pointer dereference crash upon loading webauthn.dll on some recent versions of Windows 10 (KB5032196 is the only confirmed affected version. I was not able to reproduce on KB5032189).
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): The patch is simple. It clearly avoids the null pointer dereference in the affected case and does not change behavior for the unaffected case.
- String changes made/needed:
- Is Android affected?: No
|
|
||
Comment 10•1 year ago
|
||
Comment on attachment 9365667 [details]
Bug 1866614 - avoid reloading webauthn.dll if the library is not usable. r=keeler
Approved for 121.0b5.
|
||
Comment 11•1 year ago
|
||
| uplift | ||
|
|
||
Comment 12•1 year ago
|
||
Thanks for the report! This should be fixed in current Nightly builds and in tomorrow's 121.0b5 build. If you could re-test and confirm, that would be fantastic.
|
Reporter | |
Comment 13•1 year ago
|
||
Yes great, it works for me with nightly, but not yet for Firefox developer.
Description
•