Clicking on search result gives 'File Not Found' error in firefox


#1

Sometimes, when clicking on search results for the new search feature instead of taking me to the webpage for the login as expected it throws up a ‘Problem loading page’ tab with the message:

File not found

Firefox can’t find the file at moz-extension://1815baeb-9ab5-452b-938e-ad55491b6e85/popup/www.<cut>.com.

    Check the file name for capitalization or other typing errors.
    Check to see if the file was moved, renamed or deleted.

It appears that this happens for entries without ‘https://’ at the start of the webpage URL. If I add that prefix to the entry it starts working. Can Kee be updated to allow for urls without ‘https://’?


#2

Technically, without http or https at the start of the string, it is not a URL. It’s possible that we can make this work somehow though, assuming it can be done without introducing any security risk resulting from the inaccurate data.

In the short term, I can only recommend updating the text in your KeePass entries URL fields to be valid URLs.

In the longer term, either we can add support for this category of invalid URL or make large-scale fixing of such URLs easy.


#3

I certainly understand the technicality, but, for better or worse, I think that in this case Kee should be following the behavior of KeePass in allowing and gracefully handling URLs without the ‘http[s]://’ designator. There doesn’t seem to be any additional security risk over using the ‘Open URL’ function in KeePass. Is there a difference between that and what Kee is doing?


#4

The two are not really related at all. KeePass will invoke a variety of specialised system calls and pass parameters to Firefox, probably via the operating system, in order to then get Firefox to open the URL. Kee is directly asking Firefox to open a URL using data it supplies.

I don’t know if there is a high likelihood of bugs in this part of Kee introducing a real security risk, and in fact I’d suspect the overall risk is lower than the far more complex and higher-privileged operation that KeePass undertakes but the end result of a page showing in the browser is pretty much the only thing the two pieces of code will have in common so it would be unsafe to make inferences from one to the other.