
ma1 pushed to branch tor-browser-115.27.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: f89188bd by Tom Schuster at 2025-08-18T17:22:37+02:00 Bug 672618 - Don't execute javascript: URLs on CTRL+click, middle-click etc. r=dao Differential Revision: https://phabricator.services.mozilla.com/D256648 BB 44100: cherry-picked except tests - - - - - 85feb19a by Steve Fink at 2025-08-18T17:22:42+02:00 Bug 1977130 - Error-check pthread_getattr_np. r=glandium,spidermonkey-reviewers,jandem, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D258648 - - - - - 3239846a by Kershaw Chang at 2025-08-18T17:22:43+02:00 Bug 1979955 - ensure transaction is alive (for ESR140), a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D260484 - - - - - 5 changed files: - browser/actors/ClickHandlerChild.sys.mjs - browser/app/profile/firefox.js - js/src/util/NativeStack.cpp - mozglue/misc/StackWalk.cpp - netwerk/protocol/http/nsHttpConnection.cpp Changes: ===================================== browser/actors/ClickHandlerChild.sys.mjs ===================================== @@ -12,12 +12,26 @@ ChromeUtils.defineESModuleGetters(lazy, { E10SUtils: "resource://gre/modules/E10SUtils.sys.mjs", }); +XPCOMUtils.defineLazyPreferenceGetter( + lazy, + "autoscrollEnabled", + "general.autoScroll", + true +); + +XPCOMUtils.defineLazyPreferenceGetter( + lazy, + "blockJavascript", + "browser.link.alternative_click.block_javascript", + true +); + export class MiddleMousePasteHandlerChild extends JSWindowActorChild { handleEvent(clickEvent) { if ( clickEvent.defaultPrevented || clickEvent.button != 1 || - MiddleMousePasteHandlerChild.autoscrollEnabled + lazy.autoscrollEnabled ) { return; } 
@@ -34,13 +48,6 @@ export class MiddleMousePasteHandlerChild extends JSWindowActorChild { } } -XPCOMUtils.defineLazyPreferenceGetter( - MiddleMousePasteHandlerChild, - "autoscrollEnabled", - "general.autoScroll", - true -); - export class ClickHandlerChild extends JSWindowActorChild { handleEvent(wrapperEvent) { this.handleClickEvent(wrapperEvent.sourceEvent); @@ -112,6 +119,14 @@ export class ClickHandlerChild extends JSWindowActorChild { }; if (href && !isFromMiddleMousePasteHandler) { + if ( + lazy.blockJavascript && + Services.io.extractScheme(href) == "javascript" + ) { + // We don't want to open new tabs or windows for javascript: links. + return; + } + try { Services.scriptSecurityManager.checkLoadURIStrWithPrincipal( principal, ===================================== browser/app/profile/firefox.js ===================================== @@ -759,6 +759,9 @@ pref("browser.link.open_newwindow.restriction", 2); pref("browser.link.open_newwindow.disabled_in_fullscreen", false); #endif +// If true, opening javscript: URLs using middle-click, CTRL+click etc. are blocked. +pref("browser.link.alternative_click.block_javascript", true); + // Tabbed browser pref("browser.tabs.closeTabByDblclick", false); pref("browser.tabs.closeWindowWithLastTab", true); ===================================== js/src/util/NativeStack.cpp ===================================== 
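Review bot: The new `Services.io.extractScheme(href)` call in the `if (href && !isFromMiddleMousePasteHandler)` branch sits above the existing `try`, so a throw from it would escape the click handler rather than reach the handling around `checkLoadURIStrWithPrincipal`. I would expect `extractScheme` to throw on a string with no parsable scheme. Whether `href` is always an absolute URL at this point is decided outside the hunk; if it is not guaranteed, move the scheme test inside the `try`. The commit message also says the upstream tests were not cherry-picked, so this branch has no regression coverage for the block and the pref-off path.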
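Review bot: The comment above the new pref in browser/app/profile/firefox.js spells the scheme `javscript:`, so a search for `javascript:` in the prefs file will miss the one setting that governs this block. Suggested wording: `// If true, opening javascript: URLs via middle-click, CTRL+click etc. is blocked.`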
@@ -95,17 +95,16 @@ void* js::GetNativeStackBaseImpl() { pthread_t thread = pthread_self(); pthread_attr_t sattr; pthread_attr_init(&sattr); - pthread_getattr_np(thread, &sattr); + int rc = pthread_getattr_np(thread, &sattr); + MOZ_RELEASE_ASSERT(rc == 0, "pthread_getattr_np failed"); // stackBase will be the *lowest* address on all architectures. void* stackBase = nullptr; size_t stackSize = 0; - int rc = pthread_attr_getstack(&sattr, &stackBase, &stackSize); - if (rc) { - MOZ_CRASH( - "call to pthread_attr_getstack failed, unable to setup stack range for " - "JS"); - } + rc = pthread_attr_getstack(&sattr, &stackBase, &stackSize); + MOZ_RELEASE_ASSERT(rc == 0, + "call to pthread_attr_getstack failed, unable to setup " + "stack range for JS"); MOZ_RELEASE_ASSERT(stackBase, "invalid stack base, unable to setup stack range for JS"); pthread_attr_destroy(&sattr); @@ -148,7 +147,8 @@ void* js::GetNativeStackBaseImpl() { * FIXME: this function is non-portable; * other POSIX systems may have different np alternatives */ - pthread_getattr_np(thread, &sattr); + MOZ_RELEASE_ASSERT(pthread_getattr_np(thread, &sattr) == 0, + "pthread_getattr_np failed"); # endif void* stackBase = 0; ===================================== mozglue/misc/StackWalk.cpp ===================================== @@ -695,7 +695,8 @@ MFBT_API void MozStackWalk(MozWalkStackCallback aCallback, # elif defined(ANDROID) pthread_attr_t sattr; pthread_attr_init(&sattr); - pthread_getattr_np(pthread_self(), &sattr); + int rc = pthread_getattr_np(pthread_self(), &sattr); + MOZ_RELEASE_ASSERT(rc == 0, "pthread_getattr_np failed"); void* stackBase = stackEnd = nullptr; size_t stackSize = 0; if (gettid() != getpid()) { ===================================== netwerk/protocol/http/nsHttpConnection.cpp ===================================== 
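Review bot: The new `MOZ_RELEASE_ASSERT(rc == 0, "pthread_getattr_np failed")` in `js::GetNativeStackBaseImpl` does not say why a failed call has to be fatal. After a failure `sattr` would presumably hold only what `pthread_attr_init` put there, so the `pthread_attr_getstack` result below would not describe this thread's stack. A comment above the assert would record that, for example `// On failure sattr carries no real stack info, so a stack range derived from it would be wrong; crash rather than continue.` The return value of `pthread_attr_init` on the line before is still ignored. The same applies to the ANDROID branch of `MozStackWalk` in mozglue/misc/StackWalk.cpp; both function bodies continue outside their hunks.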
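Review bot: In the second NativeStack.cpp hunk the `pthread_getattr_np` call is placed inside the `MOZ_RELEASE_ASSERT` condition, whereas the first hunk and StackWalk.cpp store the result in `rc` first. It works because the release assert is evaluated in every build, but a call with side effects inside an assertion macro breaks silently if someone later relaxes it to a debug-only assert. Matching the other sites would read `int rc = pthread_getattr_np(thread, &sattr);` followed by `MOZ_RELEASE_ASSERT(rc == 0, "pthread_getattr_np failed");`, provided no `rc` is already declared in that scope, which the hunk does not show.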
@@ -1635,9 +1635,10 @@ nsresult nsHttpConnection::OnSocketWritable() { } LOG((" writing transaction request stream\n")); - rv = mTransaction->ReadSegmentsAgain(this, - nsIOService::gDefaultSegmentSize, - &transactionBytes, &again); + RefPtr<nsAHttpTransaction> transaction = mTransaction; + rv = transaction->ReadSegmentsAgain(this, + nsIOService::gDefaultSegmentSize, + &transactionBytes, &again); if (mTlsHandshaker->EarlyDataUsed()) { mContentBytesWritten0RTT += transactionBytes; if (NS_FAILED(rv) && rv != NS_BASE_STREAM_WOULD_BLOCK) { @@ -1660,7 +1661,8 @@ nsresult nsHttpConnection::OnSocketWritable() { static_cast<uint32_t>(mSocketOutCondition), again)); // XXX some streams return NS_BASE_STREAM_CLOSED to indicate EOF. - if (rv == NS_BASE_STREAM_CLOSED && !mTransaction->IsDone()) { + if (rv == NS_BASE_STREAM_CLOSED && + (mTransaction && !mTransaction->IsDone())) { rv = NS_OK; transactionBytes = 0; } @@ -1703,7 +1705,8 @@ nsresult nsHttpConnection::OnSocketWritable() { // When Spdy tunnel is used we need to explicitly set when a request is // done. if ((mState != HttpConnectionState::SETTING_UP_TUNNEL) && !mSpdySession) { - nsHttpTransaction* trans = mTransaction->QueryHttpTransaction(); + nsHttpTransaction* trans = + mTransaction ? mTransaction->QueryHttpTransaction() : nullptr; // needed for websocket over h2 (direct) if (!trans || !trans->IsWebsocketUpgrade()) { mRequestDone = true; 
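Review bot: The three `OnSocketWritable` hunks hold a local strong reference for the `ReadSegmentsAgain` call but re-read the member `mTransaction` afterwards, and nothing in the code says why. The added null checks imply that `mTransaction` can be cleared while `ReadSegmentsAgain` runs. A comment at the `RefPtr` line would keep a later cleanup from removing either half, for example `// ReadSegmentsAgain can drop mTransaction; hold a strong ref for the call and re-check the member afterwards.` When the member has been cleared, `trans` is null in the third hunk and `mRequestDone = true` is still set, which is worth confirming as intended. Whether `mTransaction` is null-checked before it is copied into `transaction` lies outside the hunk.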
@@ -1806,7 +1809,8 @@ nsresult nsHttpConnection::OnSocketReadable() { rv = NS_ERROR_FAILURE; LOG((" No Transaction In OnSocketWritable\n")); } else { - rv = mTransaction->WriteSegmentsAgain( + RefPtr<nsAHttpTransaction> transaction = mTransaction; + rv = transaction->WriteSegmentsAgain( this, nsIOService::gDefaultSegmentSize, &n, &again); } LOG(("nsHttpConnection::OnSocketReadable %p trans->ws rv=%" PRIx32 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/667d6de... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/667d6de... You're receiving this email because of your account on gitlab.torproject.org.
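Review bot: `OnSocketReadable` only gets the strong reference around `WriteSegmentsAgain`; unlike `OnSocketWritable`, no null re-checks of `mTransaction` are added after the call. If the transaction can be released during `WriteSegmentsAgain`, as the strong reference suggests, any later `mTransaction->` use in this function needs the same guard. The rest of the function is outside this hunk, so that should be confirmed against the full file.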