Open
Bug 1791915
Opened 2 years ago
Updated 2 years ago
Ensure ORB can successfully block requests from compromised content process
Categories
(Core :: DOM: Networking, enhancement, P2)
Core
DOM: Networking
Tracking
()
NEW
People
(Reporter: sefeng, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-triaged][orb:m2])
ORB implementation doesn't block requests with system principle, however it's possible to have a requests with system principle in compromised content processes. We need to make sure ORB can still block requests in this case.
|
Reporter | |
Updated•2 years ago
|
|
||
Comment 1•2 years ago
|
||
We did a similar thing in bug 1426353.
We can mark channels loaded from a content process, and for those we could run ORB even if they have a system principal.
Sean, do you plan to work on this?
Severity: -- → S3
Priority: -- → P2
Whiteboard: [necko-triaged]
|
|
Reporter | |
Comment 2•2 years ago
|
||
Thanks! I do plan to work on this, after bug 1785331.
|
||
Updated•2 years ago
|
Whiteboard: [necko-triaged] → [necko-triaged][orb:m?]
|
|
||
Updated•2 years ago
|
Whiteboard: [necko-triaged][orb:m?] → [necko-triaged][orb:m2]
|
||
Updated•2 years ago
|
Whiteboard: [necko-triaged][orb:m2] → [necko-triaged][orb:m2][sp3]
|
||
Updated•2 years ago
|
See Also: → https://mozilla-hub.atlassian.net/browse/SP3-182
|
|
||
Updated•2 years ago
|
See Also: https://mozilla-hub.atlassian.net/browse/SP3-182 →
Whiteboard: [necko-triaged][orb:m2][sp3] → [necko-triaged][orb:m2]
You need to log in
before you can comment on or make changes to this bug.
Description
•