Closed
Bug 1028766
Opened 10 years ago
Closed 7 years ago
FxA's HTTP client should validate blobs originating from the server
Categories
(Firefox :: Firefox Accounts, defect)
Firefox
Firefox Accounts
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: spenrose, Unassigned)
References
Details
To defend against compromised server connections, FxAccountsHTTPClient should validate the character set of blobs coming from the server. E.g. for hex blobs, any data containing values outside [0-9][a-f][A-F] should be rejected.
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Updated•7 years ago
|
Product: Core → Firefox
You need to log in
before you can comment on or make changes to this bug.
Description
•