Closed Bug 1029253 Opened 10 years ago Closed 9 years ago

(shumway) Redirects on policy files should be disallowed

Categories

(Firefox Graveyard :: Shumway, defect)

32 Branch
defect
Not set
major

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: mwobensmith, Unassigned)

This pertains to content that loads data via flash.net.URLLoader, but likely affects all Flash data-loading APIs.

Currently, Shumway supports master policy files named crossdomain.xml that are located in the root directory of a web server. However, if the file is redirected, the policy file at the final URL is honored. This should be disallowed.

Policy file spec: http://www.senocular.com/pub/adobe/crossdomain/policyfiles.html
Blocks: 1029228
Severity: normal → major
Rephrased, this is a security issue. A malicious SWF could retrieve a permissive policy file from a domain it controls, and the domain could redirect to a 3rd party and/or intranet site, to perform CSRF.
Product: Firefox → Firefox Graveyard
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
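
The check the report asks for, sketched as an added JavaScript example (not Shumway's code and not part of the original report): the master policy file is honored only when it was served directly from /crossdomain.xml on the target's own origin. The function names, the response record shape (the `status`, `url` and `redirected` fields of a Fetch API Response) and the sample hosts are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not Shumway's API.

// URL of the master policy file for the origin the SWF wants to load from.
function masterPolicyUrl(targetUrl) {
  return new URL('/crossdomain.xml', new URL(targetUrl).origin).href;
}

// Decide whether a fetched policy response may be honored.
// `response` carries { status, url, redirected } as a Fetch Response does.
function policyResponseAcceptable(targetUrl, response) {
  const expected = masterPolicyUrl(targetUrl);
  // Any followed redirect disqualifies the file, even a same-origin one.
  if (response.redirected) return { ok: false, reason: 'redirected' };
  // A 3xx that was not followed is also not a policy file.
  if (response.status >= 300 && response.status < 400) {
    return { ok: false, reason: 'redirect-status' };
  }
  if (response.status !== 200) {
    return { ok: false, reason: 'http-' + response.status };
  }
  // Defense in depth: the final URL must be the one that was requested.
  if (response.url !== expected) return { ok: false, reason: 'url-mismatch' };
  return { ok: true, reason: 'direct' };
}

// Fetch wrapper: redirect 'error' makes fetch reject instead of following,
// and the verdict function re-checks the response that does come back.
async function fetchMasterPolicy(targetUrl, fetchImpl = fetch) {
  const res = await fetchImpl(masterPolicyUrl(targetUrl),
                              { redirect: 'error', credentials: 'omit' });
  const verdict = policyResponseAcceptable(targetUrl, res);
  if (!verdict.ok) throw new Error('policy file rejected: ' + verdict.reason);
  return res.text();
}

// Constructed sample responses for a load from https://api.example.com/data
const SAMPLE_TARGET = 'https://api.example.com/data?x=1';
const SAMPLE_RESPONSES = [
  { status: 200, url: 'https://api.example.com/crossdomain.xml', redirected: false },
  { status: 200, url: 'https://other.example/crossdomain.xml', redirected: true },
  { status: 302, url: 'https://api.example.com/crossdomain.xml', redirected: false },
];

// Verdict reason for each constructed sample, in order.
function sampleVerdicts() {
  return SAMPLE_RESPONSES.map(r => policyResponseAcceptable(SAMPLE_TARGET, r).reason);
}
```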