Open
Bug 1487520
Opened 6 years ago
Updated 2 years ago
Performance Info Forgery from Content Process
Categories
(Core :: DOM: Core & HTML, enhancement, P3)
Core
DOM: Core & HTML
Tracking
()
NEW
Fission Milestone | Future |
People
(Reporter: tjr, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Keywords: sec-want)
(Admittedly this is a pretty low priority, but it's an illustrative example so I want to get it on file.)
The AddPerformanceMetrics method on PContent (https://searchfox.org/mozilla-central/rev/2fe43133dbc774dda668d4597174d73e3969181a/dom/ipc/PContent.ipdl#1160 ) receives an array of PerformanceInfo's, one of which members is the host the performance entry is for. (It also supplies a pid and windowId.)
There is no validation on this data before it is aggregated, allowing a rogue content process to send fraudulent values to the Parent Process.
Updated•6 years ago
|
Priority: -- → P3
Reporter | ||
Updated•6 years ago
|
Depends on: fission-ipc-map
Assignee | ||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•