Closed Bug 1500586 Opened 6 years ago Closed 3 years ago

Application Cache can be poisoned via POfflineCacheUpdate by a Rogue Content Process

Tracking

()

Status:

RESOLVED INACTIVE

Project Flags:

Fission Milestone

Future

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

Tom Ritter [:tjr] (Back 9/5)

Reporter

Description

•

6 years ago

In PContent, POfflineCacheUpdate allows a content process to supply URIs and a principal for an offline application cache update. It seems like a rogue content process could forge the principal and possible the URIs and inject another origin's Application Cache.  

We should validate the principal and origin of the originating Content Process and ensure they are valid values.

Andrew Overholt [:overholt]

Updated

•

6 years ago

Priority: -- → P3

Nobody; OK to take it and work on it

Assignee

Updated

•

6 years ago

Component: DOM → DOM: Core & HTML

Jonathan Kingston [:jkt] he/him

Updated

•

5 years ago

Depends on: 1237782

Jonathan Kingston [:jkt] he/him

Updated

•

5 years ago

Depends on: 1584984

Chris Peterson [:cpeterson]

Comment 1

•

5 years ago

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future

Daniel Veditz [:dveditz]

Updated

•

5 years ago

Depends on: 1619673

Valentin Gosu [:valentin] (he/him)

Comment 2

•

3 years ago

Appcache was removed.

Status: NEW → RESOLVED

Closed: 3 years ago

Resolution: --- → INACTIVE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Application Cache can be poisoned via POfflineCacheUpdate by a Rogue Content Process

Categories

(Core :: DOM: Core & HTML, enhancement, P3)

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Comment 1

Updated

Comment 2