Closed Bug 1490129 Opened 6 years ago Closed 6 years ago

PWyciwygChannel.ipdl passes principals from Content Process

Categories

(Core :: Networking: Cache, enhancement, P3)

RESOLVED FIXED

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

In https://searchfox.org/mozilla-central/source/netwerk/protocol/wyciwyg/PWyciwygChannel.ipdl the Init, AsyncOpen, and AppData methods take Principals, URIs, and SerializedLoadContext from the Content Process. A rogue Content Process could provide fraudulent values for these values. I've had difficulty tracking down what the exact impact of this could be. But it seems likely that these values need to be validated to ensure the values provided by the Content Process are permitted to come from this particular Content Process.
Depends on: fission-ipc-map
Priority: -- → P3
Whiteboard: [necko-triaged]

This is going away in bug 1489308.

Bug 835613 looks similar in at least spirit to this.

Depends on: 1489308

Fixed by bug 1489308.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED