Bug#959805: libproxy1-plugin-mozjs: Passes invalid/corrupted strings to FindProxyForURL()

Simon McVittie smcv at debian.org
Tue May 5 15:29:41 BST 2020


Package: libproxy1-plugin-mozjs
Version: 0.4.15-13
Severity: important
Tags: patch upstream
Forwarded: https://github.com/libproxy/libproxy/issues/119

I made the mistake of trying to add an autopkgtest to
libproxy1-plugin-mozjs, which revealed that it does not, in fact, work.
At least when compiled with recent toolchains, the URL and host passed
to FindProxyForURL() are corrupted due to a use-after-free, which makes
the JavaScript proxy autoconfiguration unable to express anything that
couldn't be done in a much simpler way with static proxy configuration.

I sent a patch upstream.

However, this plugin has a popcon of 108 installations (compared with 27K
for its webkit counterpart), wasn't shipped in buster, and I don't think
we consider mozjs68 to be safe for use with untrusted content (although
PAC is probably at least semi-trusted in any reasonable threat model);
so perhaps it should just be removed instead?

    smcv