(shumway) Redirects on policy files should be disallowed

RESOLVED INCOMPLETE

Status

Product: Firefox Graveyard
Component: Shumway
Priority: --
Severity: major
Status: RESOLVED INCOMPLETE
Reported: 4 years ago
Last updated: 2 years ago

People

(Reporter: mwobensmith, Unassigned)

Tracking

Version: 32 Branch

Details

This pertains to content that loads data via flash.net.URLLoader, but likely affects all Flash data-loading APIs.

Currently, Shumway supports master policy files named crossdomain.xml that are located in the root directory of a web server. However, if the file is redirected, the policy file at the final URL is honored. This should be disallowed.

Policy file spec:
http://www.senocular.com/pub/adobe/crossdomain/policyfiles.html
(Reporter) updated 4 years ago:
Blocks: 1029228

(Reporter) updated 4 years ago:
Severity: normal → major
Blocks: 1037580

(Reporter):
Rephrased, this is a security issue. A malicious SWF could retrieve a permissive policy file from a domain it controls, and the domain could redirect to a 3rd party and/or intranet site, to perform CSRF.
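The check this bug asks for, as an added example that is not Shumway's code: a master-policy-file loader that refuses a crossdomain.xml reached through an HTTP redirect, shown beside the reported behaviour (honouring whatever document sits at the final URL). The network is replaced by a constructed table of responses so it runs offline; every host name, URL and policy document in it is made up for the demonstration, and the helper names (fakeFetch, loadMasterPolicy, isAllowed) are this example's own.

```javascript
// Added example, not Shumway's code: a master-policy-file loader that
// refuses a crossdomain.xml reached through an HTTP redirect.
// All host names, URLs and policy documents below are constructed.

const MASTER_POLICY_PATH = "/crossdomain.xml";

// Constructed stand-in for the network: URL -> either a document or a redirect.
const FAKE_SERVERS = {
  // target.example answers its policy request with a redirect to a host the
  // attacker controls, which serves a fully permissive policy.
  "http://target.example/crossdomain.xml":
    { redirect: "http://attacker.example/crossdomain.xml" },
  "http://attacker.example/crossdomain.xml":
    { body: '<cross-domain-policy><allow-access-from domain="*"/></cross-domain-policy>' },
  // cdn.example serves its own policy directly, granting game.example only.
  "http://cdn.example/crossdomain.xml":
    { body: '<cross-domain-policy><allow-access-from domain="game.example"/></cross-domain-policy>' },
};

// Follows redirects the way a browser's fetch() does and reports the final
// URL and whether a redirect happened (the Fetch API's `url` and `redirected`).
function fakeFetch(url, maxHops = 5) {
  let current = url;
  let redirected = false;
  for (let hop = 0; hop <= maxHops; hop++) {
    const entry = FAKE_SERVERS[current];
    if (entry === undefined) return { ok: false, status: 404, url: current, redirected, body: "" };
    if (entry.redirect !== undefined) { current = entry.redirect; redirected = true; continue; }
    return { ok: true, status: 200, url: current, redirected, body: entry.body };
  }
  throw new Error("too many redirects");
}

// The master policy file lives at the root of the host being contacted.
function masterPolicyUrl(targetUrl) {
  const u = new URL(targetUrl);
  return `${u.protocol}//${u.host}${MASTER_POLICY_PATH}`;
}

// Minimal extraction of allow-access-from domains; a real loader would use an XML parser.
function allowedDomains(xml) {
  const domains = [];
  const re = /<allow-access-from\b[^>]*\bdomain="([^"]*)"/g;
  let m;
  while ((m = re.exec(xml)) !== null) domains.push(m[1]);
  return domains;
}

// Fetches the master policy for the host of targetUrl. With rejectRedirects
// (the default) a policy that arrived via a redirect is rejected outright;
// rejectRedirects=false reproduces the behaviour this bug reports, where the
// document at the final URL is honoured as if the target host had served it.
function loadMasterPolicy(targetUrl, { fetchImpl = fakeFetch, rejectRedirects = true } = {}) {
  const policyUrl = masterPolicyUrl(targetUrl);
  const res = fetchImpl(policyUrl);
  if (!res.ok) return { accepted: false, reason: `no policy file (HTTP ${res.status})` };
  if (rejectRedirects && (res.redirected || res.url !== policyUrl)) {
    return { accepted: false, reason: `policy redirected to ${res.url}` };
  }
  return { accepted: true, domains: allowedDomains(res.body) };
}

// Policy entries may be "*", an exact host, or "*.suffix" (suffix and its subdomains).
function domainMatches(pattern, host) {
  if (pattern === "*") return true;
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(2);
    return host === suffix || host.endsWith("." + suffix);
  }
  return pattern === host;
}

// Would a SWF served from swfOrigin be allowed to read targetUrl?
function isAllowed(swfOrigin, targetUrl, options) {
  const policy = loadMasterPolicy(targetUrl, options);
  if (!policy.accepted) return false;
  const host = new URL(swfOrigin).hostname;
  return policy.domains.some(pattern => domainMatches(pattern, host));
}

for (const [swf, target] of [
  ["http://game.example", "http://cdn.example/levels.json"],
  ["http://attacker.example", "http://target.example/secret.json"],
]) {
  console.log(`${swf} -> ${target}: fixed=${isAllowed(swf, target)}`
    + ` buggy=${isAllowed(swf, target, { rejectRedirects: false })}`);
}
```

With the real Fetch API the same effect can be had by requesting the policy with `redirect: "error"`, which makes any redirect reject the fetch instead of following it; the explicit `res.url !== policyUrl` comparison is kept as a belt-and-braces check so that the accepted policy is always the one served from the root of the host actually being contacted.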
(Assignee) updated 2 years ago:
Product: Firefox → Firefox Graveyard
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INCOMPLETE