Closed Bug 1494458 Opened 6 years ago Closed 5 years ago

PAsmJSCacheEntry can be constructed with fraudulent principal, origin, private browsing id

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1520931

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

Tom Ritter [:tjr] (Back 9/5)

Reporter

Description

•

6 years ago

In PBackground.ipdl, PAsmJSCacheEntry accepts a principal and uses it to construct actors which contains those values as members. A Rogue Content Process could supply fraudulent values to these Actor Constructor and operate on another origin's data. The supplied principal should be checked to ensure that the supplied data is valid for this content process.

Luke Wagner [:luke]

Comment 1

•

6 years ago

Makes sense. FWIW, after bug 1487113, I'd like to remove dom/asmjscache entirely.

Lars T Hansen [:lth]

Updated

•

5 years ago

Depends on: 1487113

Priority: -- → P2

Luke Wagner [:luke]

Comment 2

•

5 years ago

Fixed by dom/asmjscache removal in bug 1520931.

Status: NEW → RESOLVED

Closed: 5 years ago

Resolution: --- → DUPLICATE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

PAsmJSCacheEntry can be constructed with fraudulent principal, origin, private browsing id

Categories

(Core :: JavaScript: WebAssembly, enhancement, P2)

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Comment 2