Closed
Bug 1029244
Opened 10 years ago
Closed 8 years ago
(shumway) Asterisk should not be allowed in top-level domain token
Categories
(Firefox Graveyard :: Shumway, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: mwobensmith, Assigned: yury)
References
Details
(Whiteboard: [shumway])
This pertains to content that loads data via flash.net.URLLoader, but likely affects all Flash data-loading APIs. Consider the case of content on http://foo.com accessing the site http://foo.org with this policy file: <cross-domain-policy> <allow-access-from domain="foo.*" /> </cross-domain-policy> Expected: Should not load - wildcard not allowed in TLD Actual: Data loads Policy file spec - see Appendix - Domain matching: http://www.senocular.com/pub/adobe/crossdomain/policyfiles.html
Updated•10 years ago
|
Blocks: shumway-m4
Comment 1•9 years ago
|
||
Till recommends that Yury look into these security issues.
Assignee: nobody → ydelendik
Updated•8 years ago
|
Product: Firefox → Firefox Graveyard
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•