Commit Graph

315 Commits

Author SHA1 Message Date
David Keeler
d26e95be10 bug 1257403 - don't bother verifying CA or email certificates when importing r=Cykesiopka
Incidentally, this means we can remove certificateUsageVerifyCA and
certificateUsageStatusResponder from CertVerifier, since we no longer use them.

MozReview-Commit-ID: Bbqn8fShfTm

--HG--
extra : rebase_source : 012cb08dcbe33fe889c9f6824959b1a02cd0bdc7
2017-09-22 15:42:20 -07:00
Chris Peterson
9f4c1f5278 Bug 870698 - Part 1: Replace Assign("") with AssignLiteral(""). r=erahm
MozReview-Commit-ID: A0u9PP49OW3

--HG--
extra : rebase_source : 7d5286959f510eb4b7df1b7e32d5b9b58719c48b
extra : intermediate-source : f552b4a78236c42bc09030b3eb008725a3edb9c8
extra : source : 26ac4a1014f6661a70e3bf9f552407e12c2c3981
2017-09-03 22:12:56 -07:00
David Keeler
bae8112f6b bug 1400913 - back out the functionality changes from bug 1364159 (but keep the test) r=jcj
Bug 1364159 introduced an optimization that attempted to avoid reading from the
user's cached certificate database as much as possible when building a verified
certificate chain. Unfortunately this had the side-effect of not preferring root
certificates in path building, which can result in unnecessarily long chains
(which rather defeats the purpose, since it means more signature verifications).
This patch reverts the functionality changes from that bug but keeps the test
that was added (the test didn't directly test the functionality changes - it's
more of a check that path building will query the cached certificate db when
necessary).

MozReview-Commit-ID: I56THTLUytH

--HG--
extra : rebase_source : 7db9597e25b98942450840519d707046cc660781
2017-09-18 10:28:58 -07:00
David Keeler
9f77404d3f bug 1398932 - add a preference for enabling the sqlite-backed NSS databases r=Cykesiopka,jcj
In the future, bug 1377940 will make the sqlite-backed databases the default,
but until we're sure this will stick we want to be able to control this with a
Firefox-only change. The use of a preference to configure which format to use
will hopefully allow us to restore the old behavior quickly and relatively
safely if necessary. Note that doing this should be done with care; any changes
made in the sqlite databases after upgrade migration will not be reflected if
we need to go back to the old database format. Thus, user data (imported CAs,
client certificates, and keys) can be lost.

MozReview-Commit-ID: tkovdiCU9v

--HG--
extra : rebase_source : e74358bd65afb5844fa8fc5b729eba2bbc5bb2db
2017-09-06 14:31:27 -07:00
Kris Maglione
6bad4f8ef7 Bug 1366511: Part 3 - Add mozilla::ToResult() to convert other result types to equivalent Result. r=nbp,ehsan
Also adds a mozilla/ResultExtensions.h header to define the appropriate
conversion functions for nsresult and PRResult. This is in a separate header
since those types are not available in Spidermonkey, and this is the pattern
other *Extensions.h headers follow.

Also removes equivalent NS_TRY macros and WrapNSResult inlines that served the
same purpose in existing code, and are no longer necessary.

MozReview-Commit-ID: A85PCAeyWhx

--HG--
extra : rebase_source : a5988ff770888f901dd0798e7717bcf6254460cd
2017-08-29 21:28:31 -07:00
Stephanie Ouillon
73e9f686e8 Bug 1343202 - Utility function for decoding an InclusionProof structure; r=ckerschb,keeler
MozReview-Commit-ID: 1x2Cwan8nLL

--HG--
extra : rebase_source : 079a8945f4d04be06dd99b776246d9b96930613a
2017-08-18 09:50:49 +02:00
Stephanie Ouillon
3bac94ec4a Bug 1343202 - Move Buffer definition into its own file; r=keeler,rbarnes
MozReview-Commit-ID: JHAXllvfG3x

--HG--
extra : rebase_source : 4c18c882bea0f1d4f507baa47910672d80d73c72
2017-08-17 09:23:29 +02:00
David Keeler
d11da41c16 bug 1389664 - centralize on-demand empty pin initialization of the user's NSS database r=Cykesiopka,jcj
The sqlite-backed NSS database implementation requires explicitly setting some
kind of pin (password, really). To maintain behavior compatibility with the old
database implementation, we set the pin to the empty string as necessary.
Previously this would only happen on Android (NSS_DISABLE_DBM builds), but
because we're moving towards using the sqlite-backed implementation on all
platforms, we should enable this code everywhere and move it to a more central
location.

This also fixes some now-unnecessary test behavior.

MozReview-Commit-ID: KKtxmvOZt78

--HG--
extra : rebase_source : 0de061928bf63b62386a4e244b326610d32cd122
2017-07-18 15:05:58 -07:00
David Keeler
8b85837b61 bug 1372656 - load loadable roots on a background thread r=Cykesiopka,jcj
In a profile, loading the loadable roots PKCS#11 module (i.e. the built-in root
CA module) accounted for about 60% of the time to initialize PSM/NSS. Since we
only need the roots module loaded when we're actually looking for an issuing
certificate or querying a certificate's trust, we can do the load
asynchronously (where it hopefully finishes before we actually need it, because
otherwise we'll have to wait anyway).

MozReview-Commit-ID: JyY6NtpQAUj

--HG--
extra : rebase_source : f63a697b18a409dd042289afa2b727b09f81f19f
2017-06-08 16:10:00 -07:00
David Keeler
f60f796fb1 bug 1356623 - remove now-unnecessary CNNIC certificate whitelist r=jcj
As a result of CNNIC issuing an unconstrained intermediate certificate that
misissued an end-entity certificate for google.com (see bug 1146026 and
bug 1177209), we implemented a system that would in theory enable Firefox to
continue to trust certificates that were valid at the time but not newly issued
certificates. This consisted of a whitelist added in bug 1151512. The CNNIC
roots have since been removed from NSS in bug 1380868. We can now remove the
whitelist in Firefox.

MozReview-Commit-ID: 7VXOuvwzbct

--HG--
extra : rebase_source : 20e6e39c40417a9b7f2962e06cf9de85e3e08ee8
2017-08-03 16:17:11 -07:00
Kate McKinley
a85cfefb59 Bug 1380872 remove EV treatment for "China Internet Network Information Center EV Certificates Root" r=keeler
Disable EV treatment in preparation for removing the CNNIC root certificates
from NSS.

MozReview-Commit-ID: Anz1vXqABUM

--HG--
extra : rebase_source : 694d8321b9f5994fe57e81cb3169681c5e491910
2017-07-18 11:18:47 -07:00
Kate McKinley
67464ef73c Bug 1380821 remove EV treatment for UTN-USERFirst-Hardware r=keeler
The CA, Comodo, has requested that we remove the UTN-USERFirst-Hardware
root certificate from NSS. First remove EV treatment.

MozReview-Commit-ID: 8OTsevYOuKq

--HG--
extra : rebase_source : aabb219bcbee1c667bae29df618449df4b50d548
2017-07-18 11:28:26 -07:00
Nicholas Nethercote
3e439bb4f8 Bug 1376638 - Minimize uses of prmem.h. r=glandium.
It's silly to use prmem.h within Firefox code given that in our configuration
its functions are just wrappers for malloc() et al. (Indeed, in some places we
mix PR_Malloc() with free(), or malloc() with PR_Free().)

This patch removes all uses, except for the places where we need to use
PR_Free() to free something allocated by another NSPR function; in those cases
I've added a comment explaining which function did the allocation.

--HG--
extra : rebase_source : 0f781bca68b5bf3c4c191e09e277dfc8becffa09
2017-06-30 19:05:41 -07:00
Cykesiopka
0adca03a5d Bug 1368107 - Remove TransportSecurityInfo::GetHostNameRaw(). r=keeler
GetHostNameRaw() returns a char* string, which is less safe and ergonomic
compared to the Mozilla string classes. GetHostName() can be used instead.

MozReview-Commit-ID: GYvTnISNN35

--HG--
extra : rebase_source : da257f5fba2c26cd92d932c3d1d363458b84a65b
2017-06-03 13:35:51 +08:00
David Keeler
3e029fa5c8 bug 1359514 - remove EV treatment for "Swisscom Root EV CA 2" r=kmckinley
The "Swisscom Root EV CA 2" root is no longer in use and will be removed from
the built-in root CA list. However, we have to remove its EV treatment first.

MozReview-Commit-ID: 2TZRt5px7bl

--HG--
extra : rebase_source : 68902555ffe62a973cfaac3af531e96aa288a339
2017-05-25 13:55:15 -07:00
David Keeler
3ddfb3c1ce bug 1364159 - potentially avoid calling CERT_CreateSubjectCertList in NSSCertDBTrustDomain::FindIssuer r=Cykesiopka,jcj
CERT_CreateSubjectCertList is not an inexpensive function call, since it
enumerates the certificate database (i.e. reads from disk a lot). If we're
verifying for a TLS handshake, however, we should already have in memory a
certificate chain sent by the peer (there are some cases where we won't, such as
session resumption (see bug 731478)). If we can, we should use those
certificates before falling back to calling CERT_CreateSubjectCertList.

MozReview-Commit-ID: ASjVGsELb1O

--HG--
extra : rebase_source : 1efc635d4a98079c87f77ef3794e4b2f20eec59f
2017-05-11 16:41:12 -07:00
Cykesiopka
7b21c27198 Bug 1308143 - Clean up ExtendedValidation.cpp. r=keeler
In general, the changes here attempt to:
1. Fix up the style to match modern PSM style.
2. Shorten unnecessarily long code.
3. Reduce global scope pollution.

MozReview-Commit-ID: GFyqFgV0RLD

--HG--
extra : source : 8cb5ee464e42ff07324922abeffef00c7cb1fb1b
2017-05-09 00:53:21 +08:00
Cykesiopka
a05d6a925c Bug 1361750 - Disable various MSVC 2017 warnings in PSM to unbreak --enable-warnings-as-errors builds. r=keeler
MSVC 2017 headers aren't warning free at the -Wall level.
Since PSM enables -Wall in some moz.build files, this breaks
--enable-warnings-as-errors builds.
As a temporary measure, disable enough warnings to get working builds.

MozReview-Commit-ID: G0oUsAYYct2

--HG--
extra : rebase_source : dc37783c89e66a54510c9940f9eaa5a4340ef43e
2017-05-05 00:41:33 +08:00
David Keeler
c138b8d0b6 bug 1349312 - part 1/2: patch CT implementation to include debug-only test logs r=Cykesiopka,jcj
MozReview-Commit-ID: Gay4bliuiDc

This modifies getCTKnownLogs.py to inject 3 debug-only Certificate Transparency
log keys and 2 organizations ("Mozilla Test Org 1" and "2") for use with
integration tests. Also updates CTKnownLogs.h as generated by the python script.

The debug logs use the "default", "secp256r1", and "alternate" keys that are
already present in our testing infrastructure (see pykey.py).

--HG--
extra : rebase_source : 3d4fc736f840cd080fab6b8c6c5b53cc9361abf2
2017-04-19 14:02:26 -07:00
David Keeler
455ab646d3 bug 1337950 - work around failing to load a FIPS PKCS#11 module DB in NSS initialization r=Cykesiopka,jcj
Firefox essentially does not support running NSS in FIPS mode any longer. This
has always been the case on Android from what I can tell and it has been the
case on OS X since at least version 34 (see bug 1047584). It became the case on
Windows as of version 53 (see bug 1295937). Unfortunately, before this patch,
if a user attempted to run an affected version of Firefox using a profile
directory containing an NSS database collection that had FIPS enabled, NSS
initialization would fail and fall back to running in no DB mode, which had the
side-effect of making any saved passwords and certificates unavailable. This
patch attempts to detect and work around this failure mode by moving the
PKCS#11 module DB (which is where the FIPS bit is set) to a backup location and
basically running with a fresh, non-FIPS module DB. This allows Firefox to
initialize NSS with the preexisting key and certificate databases available.

MozReview-Commit-ID: 1E4u1ngZyRv

--HG--
rename : security/manager/ssl/tests/unit/test_sdr_preexisting.js => security/manager/ssl/tests/unit/test_broken_fips.js
rename : security/manager/ssl/tests/unit/test_sdr_preexisting/key3.db => security/manager/ssl/tests/unit/test_broken_fips/key3.db
extra : rebase_source : 887f457e998d6e57c6536573fbe3cb10547fe154
2017-04-20 10:31:22 -07:00
David Keeler
af0ce9fbd6 bug 1357226 - work around a library inefficiency with EC keys when verifying ECDSA signatures r=fkiefer,jcj
Calling VFY_VerifyDigestDirect causes the provided SECKEYPublicKey to be
reimported to the softoken regardless of if it already exists on it. EC keys
must be verified upon import (to see if the point is on the curve to avoid some
small subgroup attacks), and so repeatedly doing this with a static key (say,
for example, a key corresponding to a built-in certificate transparency log) is
inefficient. This patch alters the certificate transparency implementation to
import these keys each once and then use PK11_Verify for ECDSA signature
verification, which doesn't have the same drawback.

Since this change causes CertVerifier to hold an NSS resource (via its
MultiLogCTVerifier having a list of CTLogVerifier, each of which now has a
SECKEYPublicKey), nsNSSComponent has to make sure it goes away before shutting
down NSS. This patch ensures this happens in nsNSSComponent::ShutdownNSS().

MozReview-Commit-ID: 6VSmz7S53y2

--HG--
extra : rebase_source : 4994db9de80a6c1aec3d7e322ff30d040140ce92
2017-04-11 14:11:28 -07:00
David Keeler
07f34ebd2f bug 1352262 - make OCSP timeout values configurable r=Cykesiopka,jcj
The default OCSP timeout for soft-fail DV is still 2 seconds. This patch makes
it configurable on the interval (0, 5] seconds.

The default OCSP timeout for EV and hard-fail DV is still 10 seconds. This patch
makes it configurable on the interval (0, 20] seconds.

MozReview-Commit-ID: CPd8pwYrJhj

--HG--
extra : rebase_source : 45bd7d06ea013f0a776ea18be9408dedb18271d8
2017-03-31 15:21:40 -07:00
Adam Velebil
69da80395b Bug 1308100 - Replace PL_strlen/PL_strnlen with strlen/strnlen;r=erahm
MozReview-Commit-ID: CGnzomkIsi5
***
Bug 1308100 - Replace PL_strlen/PL_strnlen with strlen/strnlen;r?erahm

--HG--
extra : rebase_source : a14b1538ed91848ecd02fb4607bce4cb9b2ab7c4
2017-04-13 20:47:00 +02:00
David Keeler
47263aefb3 bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj
(adapted from bug 1349762 comment 0)
Google Trust Services (GTS) recently purchased two roots from GlobalSign that
are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC
Root CA - R4".

However, GTS does not have an EV audit, so we are going to turn off EV treatment
for both of those root certificates.

But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended
Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to
be used to migrate their customers off dependence on that root.

This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also
removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless
the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the
chain.

MozReview-Commit-ID: Ej9L9zTwoPN

--HG--
extra : rebase_source : 575f1a48646cf728d879d0cf53c888654e4a32ad
2017-04-03 17:17:38 -07:00
Cykesiopka
7995951109 Bug 1338897 - Avoid using NSS Base64 functions in PSM. r=keeler
The NSS Base64 functions are less safe and convenient to use than the XPCOM ones.
They're also an unnecessary dependency on NSS.

The NSS Base64 functions behave slightly differently than the XPCOM ones:
1. ATOB_ConvertAsciiToItem() / NSSBase64_DecodeBuffer() silently ignore invalid
   characters like CRLF, space and so on. Base64Decode() will return an error
   if these characters are encountered.
2. BTOA_DataToAscii() will produce output that has CRLF inserted every 64
   characters. Base64Encode() doesn't do this.

For the reasons listed below, no unexpected compatibility issues should arise:
1. AppSignatureVerification.cpp already filters out CRLF and spaces for Manifest
   and Signature values before decoding.
2. ExtendedValidation.cpp is only given what should be valid hard-coded input to
   decode.
3. ContentSignatureVerifier.cpp already splits on CRLF for when it needs to
   decode PEM certs. Spaces shouldn't be likely.
   For Content-Signature header verification, examination of real input to a
   running instance of Firefox suggests CRLF and spaces will not be present in
   the header to decode.
4. nsCryptoHash.cpp encode is affected, but we actually don't want the CRLF
   behaviour.
5. nsDataSignatureVerifier.cpp decode is affected, but we add whitespace
   stripping to maintain backwards compatibility.
6. nsKeygenHandler.cpp encode is affected, but the previous CRLF behaviour was
   arguably a bug, since neither WHATWG or W3C specs specified this.

MozReview-Commit-ID: IWMFxqVZMeX

--HG--
extra : rebase_source : 4863b2e5eabef0555e8e1ebe39216d0d9393f3e9
2017-03-17 23:31:40 +08:00
David Major
ed12ea611f Bug 1346078: Remove nsAString_internal and just use the nsAString name directly. r=bsmedberg
MozReview-Commit-ID: DWDEDMIVKm7

--HG--
extra : rebase_source : 7fe8dc07c816dca234c67761e61cdee372a87e97
2017-03-10 15:17:23 +13:00
Joel Maher
41e6060a92 Bug 1344829 - add BUG_COMPONENT to security/* files. r=keeler
MozReview-Commit-ID: AS6e14FOqsb
2017-03-09 05:33:30 -05:00
Cykesiopka
0aa3a82f68 Bug 1310127 - Part 10: Handle netwerk/protocol/http MOZ_MUST_USE functions in PSM. r=wcpan
The only unhandled call updates nsHTTPListener::mHttpResponseContentType, but
nothing actually uses the value of mHttpResponseContentType.

MozReview-Commit-ID: FQXESvoO2ZN

--HG--
extra : rebase_source : 547158311de136054acff2539ea6a8bdbfb8227b
2016-12-28 16:25:22 +08:00
David Keeler
8fa9a9c682 bug 1294580 - prevent end-entity certificates from being their own trust anchors r=Cykesiopka
MozReview-Commit-ID: KaZaFG8AWwl

--HG--
extra : rebase_source : 8cba6d29febc73e65ff54bc754ab9d016e140d6f
2017-02-24 12:32:41 -08:00
Cykesiopka
90e8bc1b28 Bug 1026589 - Enable more GCC/Clang compiler warnings (-Wextra) for security/certverifier. r=keeler
Original patch by Camilo Viecco.

MozReview-Commit-ID: 4LWpueoyQHL

--HG--
extra : rebase_source : 85563711287ad851019c4031d97c1d309f066139
2017-02-23 23:19:55 +08:00
David Keeler
fca1830f46 bug 1341905 - double-check that uses of CERT_LIST_* are safe in PSM r=jcj
MozReview-Commit-ID: BhGHd9xUUbP

--HG--
extra : amend_source : b7f8260719a3d918867a8ed7cf092e2909193bb5
2017-02-22 15:07:05 -08:00
Jeff Walden
d5deea2a4f Bug 1338374 - Make Vector not use AlignedStorage for its inline element storage. r=froydnj, r=keeler
--HG--
extra : rebase_source : 81eb5278404b4843ed5a59819f6000f74200aa41
2017-01-30 15:56:05 -08:00
Kai Engert
fb7e5cbb5d Bug 1324096, PSM should check the roots module for a flag, that allows to distinguish between Mozilla-CA-Policy CAs and other CAs, r=dkeeler 2017-02-22 18:02:48 +01:00
Jonathan Hao
4489e44dc2 Bug 1323644 - Isolate the HSTS and HPKP storage by first party domain (PSM) r=Cykesiopka,keeler
MozReview-Commit-ID: HhFFqtpBNjO

--HG--
extra : rebase_source : 980dfd035efc4886a7ca393923c2c2783cc76a7d
2017-02-14 10:29:10 +08:00
Wes Kocher
8c4ce17711 Merge inbound to m-c a=merge
MozReview-Commit-ID: DCUf7VEDrTt
2017-02-17 13:38:51 -08:00
Vedant Sareen
7d4bd52fae Bug 1330907 - Rename Telemetry::ID to Telemetry::HistogramID. r=dexter
Changed |print("enum ID : uint32_t {", file=output)| to |print("enum HistogramID : uint32_t {", file=output)| at line 53 of the file |toolkit/components/telemetry/gen-histogram-enum.py|, and then replaced all the textual occurrences of |Telemetry::ID| to |Telemetry::HistogramID| and |ID| to |HistogramID| in 43 other files.
2017-02-16 00:45:15 +05:30
David Major
fff91cf0bf Bug 1335632 - Split out the const and mutable parts of myTrustedEVInfos. r=keeler
.rdata:    5536 bytes change
 .data:   -5760 bytes change

--HG--
extra : rebase_source : 2aa718f0744760cab5f5146d73139dace24a3225
2017-02-17 15:31:05 +13:00
David Keeler
2950b86660 bug 1339010 - ensure pinning and CT telemetry info has been initialized r=jcj
MozReview-Commit-ID: F7pOqCK145n

--HG--
extra : rebase_source : 7138aca9769f6719e35073f16b835159c7929684
2017-02-13 16:47:43 -08:00
Tom Tromey
5f8f360823 Bug 1060419 - make log_print use Printf.h, r=froydnj
MozReview-Commit-ID: BIZ1GQEZ1vs

--HG--
extra : rebase_source : 2f1f0aa12493c44f352d9a7e8683e7bb72d2d75b
2016-12-15 20:16:31 -07:00
Tom Tromey
f8ab4ddf02 Bug 1060419 - remove unneeded includes of prprf.h, r=froydnj
MozReview-Commit-ID: JifhpA3oOeH

--HG--
extra : rebase_source : 08460997dc3fd91f3065c718e17b41bb4acf8bae
2016-12-09 10:00:01 -10:00
David Major
66f98480ef Bug 1335294: Remove const from data tables under security/ for better codegen on Windows. r=keeler
MozReview-Commit-ID: 3k1Gpm0ugY2
2017-02-13 09:41:20 +13:00
David Keeler
31150dd09f bug 1335904 - disable EV treatment for TurkTrust H6 root certificate r=jcj
MozReview-Commit-ID: FzQsKAuuVcX

--HG--
extra : rebase_source : 424699fa3a680939ee047037b4f37fc48af1b680
2017-02-02 14:37:49 -08:00
David Keeler
9f9d96b6c8 bug 1307984 - enable "LuxTrust Global Root 2" for EV r=jcj
MozReview-Commit-ID: FVFHvydyb39

--HG--
extra : rebase_source : 4f12a04548b40bfac46bf97061108f5e1a978e74
2017-01-31 15:55:02 -08:00
Phil Ringnalda
0efec638f3 Merge m-c to a CLOSED TREE autoland 2017-02-01 20:42:06 -08:00
Phil Ringnalda
d20e4431d0 Backed out changeset b03c9f4ac1b0 (bug 1335294) for Windows PGO bustage
CLOSED TREE
2017-02-01 19:17:21 -08:00
David Major
369d1056a8 Bug 1335294: Add constexpr to data tables under security/ for better codegen on Windows. r=keeler
MozReview-Commit-ID: 3OMBGfLKP9I

--HG--
extra : rebase_source : 9422b385ce03ddef674167df41665224e4f9b6f3
2017-02-01 14:59:57 +13:00
Sergei Chernov
b3b80907d0 Bug 1320566 - Certificate Transparency - implement CT Policy. r=Dolske,keeler
MozReview-Commit-ID: LcMdKcgBStG

--HG--
extra : rebase_source : 38b2531e9abb8a84d32c437d13fab881f2c49f18
2017-01-09 08:22:28 +02:00
David Keeler
04becd07e6 bug 1303383 - enable 5 Amazon root CAs for EV r=jcj
MozReview-Commit-ID: JRs7CWwafSK

--HG--
extra : rebase_source : 710439bbd2814b8eddd04149172495adf0408131
2017-01-31 16:05:35 -08:00
Cykesiopka
df8dcae128 Bug 1330365 - Use mozilla::TimeStamp instead of NSPR's PRIntervalTime for OCSP timeout code. r=keeler
mozilla::TimeStamp is generally superior to PRIntervalTime, and switching lets
us get rid of yet another NSPR dependency.

This patch also:
 1. Gets rid of code in nsNSSHttpRequestSession::createFcn() that limits the
    max OCSP timeout. This is a relic from when NSS was used for OCSP requests,
    and is no longer necessary.
 2. Converts all uses of PR_NOT_REACHED() to MFBT asserts while we're nearby.

MozReview-Commit-ID: KvgOWWhP8Km

--HG--
extra : rebase_source : ea832a1acc4423cf6cfc98862af6b1c29a83ce56
2017-01-14 13:12:43 +08:00
Andrea Marchesini
359ae91eac Bug 1328653 - Merging all the various *OriginAttributes to just one, r=huseby 2017-01-12 17:38:48 +01:00