Closed Bug 1028766 Opened 10 years ago Closed 7 years ago

FxA's HTTP client should validate blobs originating from the server

Tracking

()

Status:

RESOLVED WONTFIX

People

(Reporter: spenrose, Unassigned)

References

Details

Sam Penrose

Reporter

Description

•

10 years ago

To defend against compromised server connections, FxAccountsHTTPClient should validate the character set of blobs coming from the server. E.g. for hex blobs, any data containing values outside [0-9][a-f][A-F] should be rejected.

Christiane Ruetten [INACTIVE]

Updated

•

10 years ago

Blocks: 997361

Julie McCracken (:julie)

Updated

•

7 years ago

Status: NEW → RESOLVED

Closed: 7 years ago

Resolution: --- → WONTFIX

BMO Automation

Updated

•

7 years ago

Product: Core → Firefox

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

FxA's HTTP client should validate blobs originating from the server

Categories

(Firefox :: Firefox Accounts, defect)

Tracking

()

People

(Reporter: spenrose, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated