Closed Bug 1029253 Opened 10 years ago Closed 8 years ago

(shumway) Redirects on policy files should be disallowed

Categories

(Firefox Graveyard :: Shumway, defect)

Product:
Firefox Graveyard
Component:
Shumway
Version:
32 Branch
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: mwobensmith, Unassigned)

References

Details

This pertains to content that loads data via flash.net.URLLoader, but likely affects all Flash data-loading APIs.

Currently, Shumway supports master policy files named crossdomain.xml that are located in the root directory of a web server. However, if the file is redirected, the policy file at the final URL is honored. This should be disallowed.

Policy file spec:
http://www.senocular.com/pub/adobe/crossdomain/policyfiles.html
Blocks: 1029228
Severity: normal → major
Rephrased, this is a security issue. A malicious SWF could retrieve a permissive policy file from a domain it controls, and the domain could redirect to a 3rd party and/or intranet site, to perform CSRF.
Product: Firefox → Firefox Graveyard
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.