Closed Bug 1029262 Opened 10 years ago Closed 9 years ago

(shumway) Reject disallowed MIME types for policy files

Tracking

(Not tracked)

Status:

RESOLVED INCOMPLETE

People

(Reporter: mwobensmith, Unassigned)

References

Details

(Whiteboard: [shumway])

Matt Wobensmith [:mwobensmith][:matt:]

Reporter

Description

•

10 years ago

This pertains to content that loads data via flash.net.URLLoader, but likely affects all Flash data-loading APIs. Policy files are currently accepted in arbitrary MIME types ("foo/bar") but may only be deployed with the following: text/x-cross-domain-policy text/* application/xml application/xhtml+xml Policy file spec: http://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/CrossDomain_PolicyFile_Specification.pdf

Matt Wobensmith [:mwobensmith][:matt:]

Reporter

Updated

•

10 years ago

Blocks: 1029228

Whiteboard: [shumway]

Chris Peterson [:cpeterson]

Updated

•

10 years ago

Blocks: shumway-m4

Nobody; OK to take it and work on it

Assignee

Updated

•

9 years ago

Product: Firefox → Firefox Graveyard

Emma Humphries ☕️🎸🧞‍♀️✨ (she/they) [:emceeaich] (Pacific Time) use needinfo

Updated

•

9 years ago

Status: NEW → RESOLVED

Closed: 9 years ago

Resolution: --- → INCOMPLETE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

(shumway) Reject disallowed MIME types for policy files

Categories

(Firefox Graveyard :: Shumway, defect)

Tracking

(Not tracked)

People

(Reporter: mwobensmith, Unassigned)

References

Details

(Whiteboard: [shumway])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated