Open
Bug 1490475
Opened 6 years ago
Updated 2 years ago
deviceIds can be obtained cross-origin by a rogue content process
Categories
(Core :: Audio/Video: Recording, enhancement, P3)
NEW
Fission Milestone: Future
People
(Reporter: tjr, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
In dom/media/systemservices/PMedia.ipdl, the GetPrincipalKey accepts a Principal and will return deviceIds based on that Principal.
A rogue Content Process could call this API with a fraudulent Principal and retrieve an identifier that would be able to link users cross-origin. We should validate that the principal provided by the content process is permissible by the Content Process that supplied it.
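The validation requested in the description above, shown as an added example that is not Gecko code: a simplified model of a parent-side handler that refuses to return an origin's key to a content process that does not host that origin. Every type and member name other than GetPrincipalKey is hypothetical, as is the assumption that the parent records which origins each content process hosts; the keys are constructed placeholders.

```cpp
// Added illustration: a simplified model, not Gecko code. Names are hypothetical.
#include <iostream>
#include <map>
#include <set>
#include <string>

// What the parent records about a content process: the origins it was
// launched to host (assumption: the parent tracks this per process).
struct ContentProcess {
  int id;
  std::set<std::string> hostedOrigins;
};

class PrincipalKeyBroker {
 public:
  explicit PrincipalKeyBroker(bool validate) : mValidate(validate) {}

  // Parent-side handler. Writes the per-origin key used to derive deviceIds
  // to *outKey and returns true, or returns false when validation is on and
  // the caller is not permitted to speak for claimedOrigin.
  bool GetPrincipalKey(const ContentProcess& caller,
                       const std::string& claimedOrigin, std::string* outKey) {
    if (mValidate && caller.hostedOrigins.count(claimedOrigin) == 0) {
      return false;  // claimed principal is not permissible for this process
    }
    auto it = mKeys.find(claimedOrigin);
    if (it == mKeys.end()) {
      // Constructed placeholder; a real key would be randomly generated.
      std::string key = "key-" + std::to_string(mKeys.size() + 1);
      it = mKeys.emplace(claimedOrigin, key).first;
    }
    *outKey = it->second;
    return true;
  }

 private:
  bool mValidate;
  std::map<std::string, std::string> mKeys;  // origin -> key
};

int main() {
  ContentProcess siteA{1, {"https://a.example"}};
  ContentProcess siteB{2, {"https://b.example"}};
  PrincipalKeyBroker broker(/* validate = */ true);
  std::string key;
  bool own = broker.GetPrincipalKey(siteA, "https://a.example", &key);
  bool cross = broker.GetPrincipalKey(siteB, "https://a.example", &key);
  std::cout << "own origin: " << own << ", cross-origin: " << cross << "\n";
  return 0;
}
```

With validation off, the same model hands both processes the identical key for `https://a.example`, which is the cross-origin link the description warns about.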
Updated•6 years ago
Priority: -- → P3
Reporter
Updated•6 years ago
Depends on: fission-ipc-map
Comment 2•6 years ago
This appears to be part of a larger fission-ipc effort which will likely drive priority.
By itself, P3 seems appropriate, since the value of obtaining a different origin's deviceId seems very low, at least compared to related risks like our camera permission sandbox kludge which looks unchanged since bug 1177242 comment 8 and AFAICT still suffers from origin spoofing for users who have granted persistent permission to at least one site. It might benefit from bug 1491018. Tom, do we want a new bug on that?
Flags: needinfo?(jib) → needinfo?(tom)
Reporter
Comment 3•6 years ago
(In reply to Jan-Ivar Bruaroey [:jib] (needinfo? me) from comment #2)
> This appears to be part of a larger fission-ipc effort which will likely
> drive priority.
> ...
> By itself, P3 seems appropriate
P3, yes.
> since the value of obtaining a different
> origin's deviceId seems very low, at least compared to related risks like
> our camera permission sandbox kludge which looks unchanged since bug 1177242
> comment 8 and AFAICT still suffers from origin spoofing for users who have
> granted persistent permission to at least one site. It might benefit from bug 1491018. Tom, do we want a new bug on that?
Yes, definitely. When we have more of Fission done, and Bug 1491018, we should be able to assertively validate the requesting origin for camera/mic access in the Parent, as well as prevent origin spoofing. I can file a bug if you like, but you'd probably be able to provide better details.
Flags: needinfo?(tom)
Comment 4•6 years ago
I think what you just said covers it, so if you could file it with the right blockers that would be great, thanks! :)
Updated•2 years ago
Severity: normal → S3