Closed
Bug 2010919
Opened 18 days ago
Closed 18 days ago
WebAuthn calls with unsupported mediation requirements should be rejected
Categories
(Core :: DOM: Web Authentication, defect, P2)
Tracking
()
RESOLVED
FIXED
149 Branch
People
(Reporter: jschanck, Assigned: jschanck)
Details
Attachments
(4 files)
- 48 bytes, text/x-phabricator-request
- 48 bytes, text/x-phabricator-request (phab-bot: approval-mozilla-beta+)
- 48 bytes, text/x-phabricator-request (phab-bot: approval-mozilla-esr140+)
- 48 bytes, text/x-phabricator-request (phab-bot: approval-mozilla-release+)
No description provided.
Assignee
Comment 1•18 days ago
Pushed by jschanck@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/c22e6a7a15f4
https://hg.mozilla.org/integration/autoland/rev/4ec475428644
reject unsupported webauthn mediation requirements. r=keeler,webidl,smaug
Comment 3•18 days ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 18 days ago
status-firefox149: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 149 Branch
Comment 4•14 days ago
firefox-beta Uplift Approval Request
- User impact if declined: Unexpected WebAuthn prompts on sites that are using the new "conditional create" WebAuthn feature (https://github.com/w3c/webauthn/wiki/Explainer:-Conditional-Create).
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing:
- Risk associated with taking this patch: low
- Explanation of risk level: Prior to this patch we were completely ignoring the mediation option to navigator.credentials.create. With this patch we allow-list the values of the mediation option that we support and explicitly return a NotSupported error for values that we do not.
- String changes made/needed: none
- Is Android affected?: yes
Attachment #9538905 -
Flags: approval-mozilla-beta?
Assignee
Comment 5•14 days ago
Original Revision: https://phabricator.services.mozilla.com/D279361
Comment 6•14 days ago
firefox-esr140 Uplift Approval Request
- User impact if declined: Unexpected WebAuthn prompts on sites that are using the new "conditional create" WebAuthn feature (https://github.com/w3c/webauthn/wiki/Explainer:-Conditional-Create).
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing:
- Risk associated with taking this patch: low
- Explanation of risk level: Prior to this patch we were completely ignoring the mediation option to navigator.credentials.create. With this patch we allow-list the values of the mediation option that we support and explicitly return a NotSupported error for values that we do not.
- String changes made/needed: none
- Is Android affected?: yes
Attachment #9538907 -
Flags: approval-mozilla-esr140?
Assignee
Comment 7•14 days ago
Original Revision: https://phabricator.services.mozilla.com/D279361
Comment 8•14 days ago
firefox-release Uplift Approval Request
- User impact if declined: Unexpected WebAuthn prompts on sites that are using the new "conditional create" WebAuthn feature (https://github.com/w3c/webauthn/wiki/Explainer:-Conditional-Create).
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing:
- Risk associated with taking this patch: low
- Explanation of risk level: Prior to this patch we were completely ignoring the mediation option to navigator.credentials.create. With this patch we allow-list the values of the mediation option that we support and explicitly return a NotSupported error for values that we do not.
- String changes made/needed: none
- Is Android affected?: yes
Attachment #9538908 -
Flags: approval-mozilla-release?
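Added example (not part of this bug or of the Firefox patch): how a relying party's page can request a conditional create so that a browser rejecting the `mediation` value with `NotSupportedError`, as described in the uplift requests above, leads to a silent skip instead of a prompt. The function names, the outcome strings and the `env` parameter are assumptions made for illustration.

```javascript
// Added example, not Firefox code. classifyCreateError, tryConditionalCreate,
// the outcome strings and the `env` parameter are hypothetical names.

// Map a rejected create() promise to an outcome the page can act on.
function classifyCreateError(err) {
  switch (err && err.name) {
    case "NotSupportedError": // browser does not support the requested mediation value
      return "unsupported";
    case "NotAllowedError":   // user consent or other preconditions were not met
      return "declined";
    default:                  // anything else is a real failure worth logging
      return "error";
  }
}

// Attempt a passkey upgrade that must never surface an unexpected modal prompt.
// `env` defaults to the browser globals; it is a parameter only so the function
// can be exercised with stubs.
async function tryConditionalCreate(publicKey, env = globalThis) {
  const PKC = env.PublicKeyCredential;
  const credentials = env.navigator && env.navigator.credentials;
  if (!PKC || !credentials) return { outcome: "unsupported" };

  // Feature-detect first: a browser that ignores `mediation` would treat this
  // call as an ordinary create() and prompt the user.
  const caps = typeof PKC.getClientCapabilities === "function"
    ? await PKC.getClientCapabilities()
    : {};
  if (caps.conditionalCreate !== true) return { outcome: "unsupported" };

  try {
    const credential = await credentials.create({ mediation: "conditional", publicKey });
    return { outcome: "created", credential };
  } catch (err) {
    // Do not retry without `mediation`: that would turn a silent upgrade
    // into exactly the unexpected prompt the caller is trying to avoid.
    return { outcome: classifyCreateError(err) };
  }
}
```

Treat an `"unsupported"` outcome as a normal result: keep the existing sign-in method and offer passkey registration only through an explicit user action.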
Assignee
Comment 9•14 days ago
Original Revision: https://phabricator.services.mozilla.com/D279361
Updated•14 days ago
Attachment #9538905 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Updated•14 days ago
status-firefox148: --- → fixed
Comment 10•14 days ago
uplift
Updated•12 days ago
Attachment #9538908 -
Flags: approval-mozilla-release? → approval-mozilla-release+
Updated•12 days ago
status-firefox147: --- → fixed
Comment 11•12 days ago
uplift
Updated•11 days ago
Attachment #9538907 -
Flags: approval-mozilla-esr140? → approval-mozilla-esr140+
Updated•11 days ago
status-firefox-esr140: --- → fixed
Comment 12•11 days ago
uplift