Open Bug 1277597 Opened 8 years ago Updated 2 years ago

COM security hardening in sandboxed content

Categories

(Core :: Security: Process Sandboxing, defect, P3)

Unspecified
Windows
defect

Tracking

Tracking Status
firefox49 --- affected

People

(Reporter: bugzilla, Unassigned)

Details

We do not want sandboxed content to be able to instantiate COM objects. There are ACL rights pertaining to this stuff.

1) The sandbox should have deny access to that;
2) The COM runtime should probably not have access to the registry keys that are required to do such things;
3) Content is still calling CoCreateInstance for stuff, so we need to find those instances and remote them;
4) We still need COM to work for a11y and maybe a few other instances where we implement COM servers, though they don't call CoCreateInstance or anything.

Any COM activations that we need to remote should be attached as dependencies to this bug.
Whiteboard: sbwc2 → sbwc3
Assignee: aklotz → nobody
Keywords: meta
Summary: Investigate COM security in sandboxed content → [meta] COM security hardening in sandboxed content
Whiteboard: sbwc3
The meta keyword is there, the bug doesn't depend on other bugs, and there has been no activity for 12 months.
:jimm, maybe it's time to close this bug?
Flags: needinfo?(jmathies)
Flags: needinfo?(jmathies)
Keywords: meta
Priority: -- → P3
Summary: [meta] COM security hardening in sandboxed content → COM security hardening in sandboxed content
Severity: normal → S3