From 71d0a68ef493da253c4a756a30363f7bc8690dad Mon Sep 17 00:00:00 2001 From: Cameron Kaiser Date: Fri, 23 Mar 2018 21:26:22 -0700 Subject: [PATCH] closes #492: rc4 bad, increase throttle, update UAs, reduce font URL overhead, nerdwallet ATSUI font block --- .../preferences/in-content/tenfourfox.js | 16 ++++-- .../preferences/in-content/tenfourfox.xul | 2 +- caps/nsScriptSecurityManager.cpp | 2 + gfx/thebes/gfxPlatformMac.cpp | 49 ++++++++++--------- layout/base/nsRefreshDriver.cpp | 2 +- netwerk/base/security-prefs.js | 8 +-- 6 files changed, 46 insertions(+), 33 deletions(-) diff --git a/browser/components/preferences/in-content/tenfourfox.js b/browser/components/preferences/in-content/tenfourfox.js index 969a81559..b0e46bc9f 100644 --- a/browser/components/preferences/in-content/tenfourfox.js +++ b/browser/components/preferences/in-content/tenfourfox.js 
@@ -38,17 +38,25 @@ var gTenFourFoxPane = { // Find and set the appropriate UA string based on the UA template. validUA : { - "fx" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Firefox/52.0", + "fx" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0", "classilla" : "NokiaN90-1/3.0545.5.1 Series60/2.8 Profile/MIDP-2.0 Configuration/CLDC-1.1 (en-US; rv:9.3.3) Clecko/20141026 Classilla/CFM", "ie8" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)", - "android" : "Mozilla/5.0 (Linux; Android 7.1.1; Nexus 5X Build/N4F26O) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.91 Mobile Safari/537.36", - "ipad" : "Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) FxiOS/6.1 Mobile/14D27 Safari/602.4.6" + "android" : "Mozilla/5.0 (Linux; Android 8.1.0; Pixel XL Build/OPM1.171019.021) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.109 Mobile Safari/537.36", + "ipad" : "Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_6 like Mac OS X) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0 Mobile/15D100 Safari/604.1" }, _prefSvc: Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch), readUA: function () { var pref = document.getElementById("tenfourfox.ua.template"); - return (this.validUA[pref.value]) ? pref.value : ""; + if (!pref) return ""; + + // Synchronize the pref on entry in case it's stale. + pref = pref.value; + if (this.validUA[pref]) { + this._prefSvc.setCharPref("general.useragent.override", this.validUA[pref]); + return pref; + } + return ""; }, writeUA : function() { diff --git a/browser/components/preferences/in-content/tenfourfox.xul b/browser/components/preferences/in-content/tenfourfox.xul index e6acccc74..49cd79e94 100644 --- a/browser/components/preferences/in-content/tenfourfox.xul +++ b/browser/components/preferences/in-content/tenfourfox.xul @@ -63,7 +63,7 @@ preference="tenfourfox.ua.template"> - + 
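Review bot: `readUA` now writes `general.useragent.override` as a side effect of reading the template pref, and the one-line comment in the new body does not tell a caller that this getter changes browser state. The comment above the `setCharPref` call should say so, for example `// NOTE: reading the pane rewrites general.useragent.override from validUA, replacing a stale string left by an older release.` The new code also reuses `pref` first for the element and then for its value; `var key = pref.value;` followed by `this.validUA[key]` would read more clearly. When the template is not a key of `validUA` the function returns `""` without touching the override, so whether a stale override is ever cleared depends on code outside this hunk and is worth confirming.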
diff --git a/caps/nsScriptSecurityManager.cpp b/caps/nsScriptSecurityManager.cpp index a1e644e93..d4a7cba27 100644 --- a/caps/nsScriptSecurityManager.cpp +++ b/caps/nsScriptSecurityManager.cpp @@ -714,6 +714,8 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal, BLOK("coinhive.com") || BLOK("www.freecontent.stream") || BLOK("www.freecontent.stream.") || + BLOK("allfontshere.press") || // caused crashes on VCF + BLOK("www.allfontshere.press") || // other obnoxious things BLOK("c.amazon-adsystem.com") || diff --git a/gfx/thebes/gfxPlatformMac.cpp b/gfx/thebes/gfxPlatformMac.cpp index cd9a842e6..0a30ef370 100644 --- a/gfx/thebes/gfxPlatformMac.cpp +++ b/gfx/thebes/gfxPlatformMac.cpp @@ -222,21 +222,21 @@ gfxPlatformMac::MakePlatformFont(const nsAString& aFontName, // Automates a whole buncha boilerplate. // Since HTTPS is becoming more common, check that first. -#define HTTP_OR_HTTPS_SUBDIR(x) \ +#define HTTP_OR_HTTPS_SUBDIR(x, y) \ { \ - NS_NAMED_LITERAL_CSTRING(https_, "https://" x); \ - spec.Left(loc, https_.Length()); \ - if (loc.Equals(https_)) { \ + if (hostname.Equals(x)) { \ + NS_NAMED_LITERAL_CSTRING(https_, "https://" x y); \ + if (StringBeginsWith(spec, https_)) { \ failed = true; \ goto halt_font; \ } else { \ - NS_NAMED_LITERAL_CSTRING(http_, "http://" x); \ - spec.Left(loc, http_.Length()); \ - if (loc.Equals(http_)) { \ + NS_NAMED_LITERAL_CSTRING(http_, "http://" x y); \ + if (StringBeginsWith(spec, http_)) { \ failed = true; \ goto halt_font; \ } \ } \ + } \ } // TenFourFox issue 477: deal with changing infix version URLs, such as latimes.com 
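Review bot: The two new `BLOK` entries cover `allfontshere.press` and `www.allfontshere.press` but not their trailing-dot forms, while the context lines just above list both `www.freecontent.stream` and `www.freecontent.stream.`. That pairing suggests `BLOK` compares the host string exactly; the macro is defined outside this hunk, so this is inferred. If so, the fully-qualified spelling of the new hosts would not be matched, and adding `BLOK("allfontshere.press.") ||` and `BLOK("www.allfontshere.press.") ||` would keep the list consistent with its neighbours. The comment `// caused crashes on VCF` would also be more useful to the next maintainer with an issue number than with an abbreviation.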
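Review bot: `HTTP_OR_HTTPS_SUBDIR(x, y)` now depends on a local named `hostname` as well as `spec`, `failed` and the `halt_font` label, and nothing at the definition states this. The comment above the macro should be extended, for example `// Requires in scope: lowercased hostname, spec, failed and the halt_font label. x (exact host) and y (path prefix) must be string literals; they are pasted into one literal.` The added `if (hostname.Equals(x)) {` was inserted without re-indenting the body it now encloses, so the extra `} \` before the macro's final brace is easy to misread; indenting the inner `if`/`else` one level would make the nesting visible. The macro no longer uses `loc`, so if no other code in the function (outside this hunk) needs it, its declaration can be dropped.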
@@ -270,27 +270,30 @@ gfxPlatformMac::IsFontFormatSupported(nsIURI *aFontURI, uint32_t aFormatFlags) #if DEBUG fprintf(stderr, "Font blacklist checking: %s\n", spec.get()); #endif - // Do left-most URL checks first. - - HTTP_OR_HTTPS_SUBDIR("fonts.gstatic.com/ea/notosansjapanese/v6/NotoSansJP-"); - - HTTP_OR_HTTPS_SUBDIR("www.icloud.com/fonts/SFNSText-"); - - HTTP_OR_HTTPS_SUBDIR("typeface.nyt.com/fonts/nyt-cheltenham-"); - HTTP_OR_HTTPS_SUBDIR("typeface.nytimes.com/fonts/nyt-cheltenham-"); - - // Don't cut to SF-Pro-; there are some dingbat fonts that DO work. - HTTP_OR_HTTPS_SUBDIR("www.apple.com/wss/fonts/SF-Pro-Text/v1/"); - HTTP_OR_HTTPS_SUBDIR("www.apple.com/wss/fonts/SF-Pro-Display/v1/"); - - HTTP_OR_HTTPS_SUBDIR("lib.intuitcdn.net/fonts/AvenirNext/1.0/"); - - // Check hostname and subpatterns (TenFourFox issue 477). + // Get the hostname to eliminate creating unnecessary test strings. nsAutoCString hostname; if (MOZ_LIKELY(NS_SUCCEEDED(aFontURI->GetHost(hostname)))) { ToLowerCase(hostname); + // Start with leftmost, using hostname as a screen (TenFourFox issue 492). + + HTTP_OR_HTTPS_SUBDIR("fonts.gstatic.com", "/ea/notosansjapanese/v6/NotoSansJP-"); + + HTTP_OR_HTTPS_SUBDIR("www.icloud.com", "/fonts/SFNSText-"); + + HTTP_OR_HTTPS_SUBDIR("typeface.nyt.com", "/fonts/nyt-cheltenham-"); + HTTP_OR_HTTPS_SUBDIR("typeface.nytimes.com", "/fonts/nyt-cheltenham-"); + + // Don't cut to SF-Pro-; there are some dingbat fonts that DO work. + HTTP_OR_HTTPS_SUBDIR("www.apple.com", "/wss/fonts/SF-Pro-Text/v1/"); + HTTP_OR_HTTPS_SUBDIR("www.apple.com", "/wss/fonts/SF-Pro-Display/v1/"); + + HTTP_OR_HTTPS_SUBDIR("lib.intuitcdn.net", "/fonts/AvenirNext/1.0/"); + + // Check hostname and subpatterns (TenFourFox issue 477). HOST_AND_KEY("www.latimes.com", "/fonts/KisFBDisplay-"); + HOST_AND_KEY("www.nerdwallet.com", "Gotham-Book--critical"); + HOST_AND_KEY("www.nerdwallet.com", "Gotham-Bold--critical"); } else failed = true; // Didn't get hostname, should have. 
} // Must not be HTTP(S). We could catch others below. diff --git a/layout/base/nsRefreshDriver.cpp b/layout/base/nsRefreshDriver.cpp index 8988ea1c5..cc08b66e5 100644 --- a/layout/base/nsRefreshDriver.cpp +++ b/layout/base/nsRefreshDriver.cpp @@ -935,7 +935,7 @@ nsRefreshDriver::GetThrottledTimerInterval() if (rate <= 0) { rate = DEFAULT_THROTTLED_FRAME_RATE; } - return 3000.0 / rate; + return 10000.0 / rate; } /* static */ mozilla::TimeDuration diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index 8da51b905..1849a9a3b 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -25,13 +25,13 @@ pref("security.ssl3.ecdhe_rsa_aes_256_sha", true); pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); pref("security.ssl3.dhe_rsa_aes_128_sha", true); pref("security.ssl3.dhe_rsa_aes_256_sha", true); -pref("security.ssl3.ecdhe_rsa_rc4_128_sha", true); -pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", true); +pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); +pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); pref("security.ssl3.rsa_aes_128_sha", true); pref("security.ssl3.rsa_aes_256_sha", true); pref("security.ssl3.rsa_des_ede3_sha", true); -pref("security.ssl3.rsa_rc4_128_sha", true); -pref("security.ssl3.rsa_rc4_128_md5", true); +pref("security.ssl3.rsa_rc4_128_sha", false); +pref("security.ssl3.rsa_rc4_128_md5", false); pref("security.default_personal_cert", "Ask Every Time"); pref("security.remember_cert_checkbox_default_setting", true);
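Review bot: Each `HTTP_OR_HTTPS_SUBDIR` call now screens on an exact `hostname` match but then still tests a literal `scheme://host/path` prefix against the whole `spec`, so the block depends on the exact textual form of the URL rather than on its host and path. Comparing the path component on its own after the host screen would remove that dependence, for instance by fetching it once with the URI's path getter (`aFontURI->GetPath(...)`, if this tree's nsIURI still has it) and running `StringBeginsWith` on that. The two `www.nerdwallet.com` keys are the only new entries without an explanation; a line such as `// TenFourFox issue 492: nerdwallet Gotham "critical" webfonts` above them would match the issue references on the neighbouring entries. The enclosing function starts and ends outside this hunk, so how `failed` is consumed after `halt_font` is not visible here.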
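Review bot: The numerator in `return 10000.0 / rate;` is an unexplained magic number. Assuming the result is in milliseconds, the interval is now ten times the plain per-frame period for `rate`, so the throttled frame-rate value no longer means what its name suggests. A named constant with a comment would record the intent, e.g. `static const double kThrottledIntervalScaleMs = 10000.0; // TenFourFox issue 492: stretch throttled refresh to 10x the nominal 1000/rate` and then `return kThrottledIntervalScaleMs / rate;`. The function begins outside the hunk, so where `rate` is read from is not visible here.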
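Review bot: The four RC4 defaults are switched off, but the context line `pref("security.ssl3.rsa_des_ede3_sha", true);` leaves 3DES enabled by default, and nothing in the file records why RC4 was disabled or why 3DES stays. A line above the block such as `// RC4 suites disabled by default (TenFourFox issue 492); 3DES kept for legacy servers` would document the decision, if that is indeed the reason. Because these are `pref()` defaults, a profile where the user has already set one of these prefs keeps its own value, which may deserve a release note. Whether a separate RC4 fallback preference elsewhere in the tree still permits RC4 is not visible in this hunk and should be checked alongside this change.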