Closed Bug 1607673 Opened 5 years ago Closed 5 years ago

follow-up: Do not only assert but really disallow loading http(s) scripts into system privileged contexts

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1543579

People

(Reporter: ckerschb, Assigned: freddy)

References

Details

(Whiteboard: [domsecurity-active])

Christoph Kerschbaumer [:ckerschb]

Reporter

Description

•

5 years ago

No description provided.

Christoph Kerschbaumer [:ckerschb]

Reporter

Updated

•

5 years ago

Type: defect → task

Christoph Kerschbaumer [:ckerschb]

Reporter

Updated

•

5 years ago

Whiteboard: [domsecurity-active]

Frederik Braun [:freddy]

Assignee

Updated

•

5 years ago

Assignee: ckerschb → fbraun

Frederik Braun [:freddy]

Assignee

Updated

•

5 years ago

Status: ASSIGNED → RESOLVED

Closed: 5 years ago

Resolution: --- → DUPLICATE

Frederik Braun [:freddy]

Assignee

Comment 2

•

5 years ago

Bug 1613609 will turn the deny-list approach (consisting of of HTTP/HTTPS/FTP) into a default allow-list

You need to log in before you can comment on or make changes to this bug.

Bugzilla

follow-up: Do not only assert but really disallow loading http(s) scripts into system privileged contexts

Categories

(Core :: DOM: Security, task, P3)

Tracking

()

People

(Reporter: ckerschb, Assigned: freddy)

References

Details

(Whiteboard: [domsecurity-active])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Comment 2