Missing check before merging stored optional ExtensionPermissions with active permissions
Categories
(WebExtensions :: General, defect, P2)
Tracking
(Not tracked)
People
(Reporter: robwu, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [addons-jira])
ExtensionPermissions.jsm provides the backend to save optional extension permissions after granting them.
When an extension is installed (or started after a browser upgrade), the permissions are read from the backend, but without verifying that the extension is supposed to have the permission, at https://searchfox.org/mozilla-central/rev/86c98c486f03b598d0f80356b69163fd400ec8aa/toolkit/components/extensions/Extension.jsm#1251-1258.
This is a problem, because the storage of ExtensionPermissions could contain items that are not supposed to be part of the extension. Examples:
- In the past, bug 1522918 did not remove permissions upon uninstall.
- Bug 1766913, due to missing checks of
permissions.request()
- Removed optional permissions aren't removed from the storage when an item is removed from
optional_permissions
(orhost_permissions
?) - https://searchfox.org/mozilla-central/rev/86c98c486f03b598d0f80356b69163fd400ec8aa/toolkit/components/extensions/Extension.jsm#974-978 - The storage could have been modified externally.
In short, there can be multiple reasons for ExtensionPermissions to contain too many values, so we should filter the retrieved permissions before use (cross-check whether it's part of the manifest).
Updated•2 years ago
|
Updated•2 years ago
|
Reporter | ||
Updated•2 years ago
|
Description
•