Closed
Bug 1494458
Opened 6 years ago
Closed 5 years ago
PAsmJSCacheEntry can be constructed with fraudulent principal, origin, private browsing id
Categories
(Core :: JavaScript: WebAssembly, enhancement, P2)
Core
JavaScript: WebAssembly
Tracking
()
RESOLVED
DUPLICATE
of bug 1520931
People
(Reporter: tjr, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
In PBackground.ipdl, PAsmJSCacheEntry accepts a principal and uses it to construct actors which contains those values as members.
A Rogue Content Process could supply fraudulent values to these Actor Constructor and operate on another origin's data. The supplied principal should be checked to ensure that the supplied data is valid for this content process.
Comment 1•6 years ago
|
||
Makes sense. FWIW, after bug 1487113, I'd like to remove dom/asmjscache entirely.
Comment 2•5 years ago
|
||
Fixed by dom/asmjscache removal in bug 1520931.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•