EncryptingOutputStream can write random contents of memory to its base stream. This can happen when the original data is smaller than 4K. The stream encrypts only the actual payload, but data is written to the base stream in whole 4K blocks. EncryptingOutputStream is used by IndexedDB and CacheAPI to store data on disk for private browsing, where the base stream is quota::FileOutputStream, so random contents of memory can end up being stored on disk. We have a fix for this which fills the unused payload with random values. We suggest treating this as sec-other since Cache API in private browsing is still gated by a pref and it's still disabled by default. The issue is more serious in the Cache API case, because files stored on disk are a fundamental part of the implementation. IndexedDB stores data in separate files only to support storing DOM Blobs/Files, which is not used so often. IndexedDB in private browsing shipped in FF 115, so the fix might need to be uplifted even to ESR 115.
Bug 1864123 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
EncryptingOutputStream can write random contents of memory to its base stream. This can happen when the original data is smaller than 4K. The stream encrypts only the actual payload, but data is written to the base stream in whole 4K blocks. EncryptingOutputStream is used by IndexedDB and CacheAPI to store data on disk for private browsing, where the base stream is quota::FileOutputStream, so random contents of memory can end up being stored on disk. We have a fix for this which fills the unused payload with random values. We suggest treating this as sec-other since Cache API in private browsing is still gated by a pref and it's still disabled by default. The issue is more serious in the Cache API case, because files stored on disk are a fundamental part of the implementation. IndexedDB stores data in separate files only to support storing DOM Blobs/Files, which is not used so often. IndexedDB in private browsing shipped in FF 115, so the fix might need to be uplifted even to ESR 115.
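A constructed C++ model of the pattern this comment describes, added here as an example and not Firefox's EncryptingOutputStream code: the block is emitted whole, so a payload shorter than 4K leaves the buffer's stale tail in the output unless it is overwritten first, and the fix pads that tail with random bytes. The 4-byte length header, the function names and std::random_device standing in for the browser's RNG are assumptions.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <random>
// Constructed model of the bug (assumed names, not Firefox's own code): output
// is emitted in whole kBlockSize blocks even when the payload is shorter.
constexpr size_t kBlockSize = 4096;
constexpr size_t kHeaderSize = sizeof(uint32_t);  // assumed length prefix
constexpr size_t kMaxPayload = kBlockSize - kHeaderSize;
using Block = std::array<uint8_t, kBlockSize>;
// Buggy pattern: only the header and payload are written into the block, so
// whatever the buffer already held (stale memory) stays in the tail and is
// sent to the base stream along with the rest of the 4K block.
size_t FillBlockLeaky(Block& block, const uint8_t* payload, size_t len) {
  if (len > kMaxPayload) len = kMaxPayload;
  const uint32_t n = static_cast<uint32_t>(len);
  std::memcpy(block.data(), &n, kHeaderSize);
  std::memcpy(block.data() + kHeaderSize, payload, len);
  return len;  // bytes [kHeaderSize + len, kBlockSize) are left untouched
}
// Fixed pattern, as the comment describes: unused payload bytes are overwritten
// with random values before the block goes to encryption and output.
size_t FillBlockPadded(Block& block, const uint8_t* payload, size_t len) {
  const size_t n = FillBlockLeaky(block, payload, len);
  std::random_device rd;  // assumption: stands in for the browser's CSPRNG
  for (size_t i = kHeaderSize + n; i < kBlockSize; ++i) {
    block[i] = static_cast<uint8_t>(rd());
  }
  return n;
}
// Defender-side check: does the block tail still equal the stale byte pattern
// the buffer held before the write? True means memory contents would leak.
bool TailMatchesStale(const Block& block, size_t payloadLen, uint8_t stale) {
  for (size_t i = kHeaderSize + payloadLen; i < kBlockSize; ++i) {
    if (block[i] != stale) return false;
  }
  return true;
}

// Run one variant over a buffer pre-filled with a constructed sentinel that
// plays the role of leftover memory; returns true if the sentinel leaks.
bool LeaksStaleTail(bool padded) {
  Block block;
  block.fill(0xAA);
  const uint8_t payload[] = {'h', 'e', 'l', 'l', 'o'};  // constructed input
  const size_t n = padded ? FillBlockPadded(block, payload, sizeof(payload))
                          : FillBlockLeaky(block, payload, sizeof(payload));
  return TailMatchesStale(block, n, 0xAA);
}
```

The same check can be run against any fixed-block writer: fill the buffer with a sentinel, write a short payload, and inspect the tail of what reaches the base stream.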