Open
Bug 1487526
Opened 6 years ago
Updated 2 years ago
Service Worker Removal Forgery through IPC
Categories
(Core :: DOM: Service Workers, enhancement, P3)
Tracking
()
NEW
Fission Milestone | Future |
People
(Reporter: tjr, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Keywords: sec-want)
Many of the IPC methods in https://searchfox.org/mozilla-central/source/dom/serviceworkers/PServiceWorkerManager.ipdl take a Host or Origin from the child and will remove or otherwise act on Service Workers for that domain without validating that the content process sending the message is authorized to act on that Service Worker.
We should validate the domain supplied from the Content Process to ensure that the message is authorized.
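The check requested above, sketched as an added example that is not Firefox code and not part of the original report: a parent-side broker that accepts a removal only when the claimed origin is one the parent itself bound to the sending process. `ServiceWorkerBroker`, `BindOrigin`, `RemoveChecked` and the other names are hypothetical, and the model assumes the parent already tracks which origins each content process hosts.

```cpp
// Added illustration: a simplified model, not Firefox code. All names are hypothetical.
#include <map>
#include <set>
#include <string>

using ProcessId = int;

class ServiceWorkerBroker {
 public:
  // Parent-side bookkeeping: origins the parent itself loaded into a child.
  void BindOrigin(ProcessId pid, const std::string& origin) {
    allowed_[pid].insert(origin);
  }
  void Register(const std::string& origin) { registered_.insert(origin); }
  bool HasRegistration(const std::string& o) const { return registered_.count(o) > 0; }
  int rejected() const { return rejected_; }

  // Weak shape: acts on whatever origin string the child sent.
  bool RemoveUnchecked(ProcessId /*sender*/, const std::string& origin) {
    return registered_.erase(origin) > 0;
  }

  // Hardened shape: the claimed origin must be one the parent bound to the
  // sending process; otherwise the message is counted and dropped.
  bool RemoveChecked(ProcessId sender, const std::string& origin) {
    auto it = allowed_.find(sender);
    if (it == allowed_.end() || it->second.count(origin) == 0) {
      ++rejected_;
      return false;
    }
    return registered_.erase(origin) > 0;
  }

 private:
  std::map<ProcessId, std::set<std::string>> allowed_;
  std::set<std::string> registered_;
  int rejected_ = 0;
};

// Constructed scenario: process 2 hosts b.example and names a.example.
bool ForgedRemovalBlocked() {
  ServiceWorkerBroker broker;
  broker.BindOrigin(1, "https://a.example");
  broker.BindOrigin(2, "https://b.example");
  broker.Register("https://a.example");
  bool removed = broker.RemoveChecked(2, "https://a.example");
  return !removed && broker.HasRegistration("https://a.example");
}
int main() { return ForgedRemovalBlocked() ? 0 : 1; }
```

The rejection counter stands in for whatever telemetry or child-termination policy the parent applies when a child sends a message it is not authorized to send.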
Updated • 6 years ago
Priority: -- → P3

Updated • 6 years ago
Depends on: fission-ipc-map

Updated • 4 years ago
Summary: Service Work Removal Forgery through IPC → Service Worker Removal Forgery through IPC

Updated • 2 years ago
Severity: normal → S3