Closed
Bug 1195555
Opened 9 years ago
Closed 6 years ago
Potential security issues with "Save Link As"
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: tanvi, Unassigned)
References
(Blocks 1 open bug)
Details
I'm filing this bug as a follow-up from bug 1136055. Relevant comments:
https://bugzilla.mozilla.org/show_bug.cgi?id=1136055#c47
https://bugzilla.mozilla.org/show_bug.cgi?id=1136055#c57
Potential issues:
> * should save link as go through any security checks? Should we be calling
> the Content Policy API?
> * should we be passing the doc principal or system principal to loadInfo.
> * save-link-as and urlSecurityCheck
save-link-as goes through urlSecurityCheck. But if save-link-as goes through a redirect, urlSecurityCheck won't get called on it and we could potentially let something through we shouldn't. Gijs and I both tried testing this and have thankfully had no luck. But it's something to look closer at. When we move security checks, we should set appropriate flags on LoadInfo to make sure a redirect goes through the same security checks that the original link went through for save-link-as.
https://people.mozilla.org/~tvyas/https_302_chrome.html
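The redirect concern in the description above, as an added example that is not part of the original report and is not Firefox code: a simplified model in which a link's URL is checked once versus at every redirect hop. The names `urlAllowed`, `resolveDownload`, `REDIRECTS` and `PRIVILEGED_SCHEMES`, the scheme list and all URLs are assumptions constructed for illustration.

```javascript
// Simplified model (assumption): schemes that ordinary web content may not load.
const PRIVILEGED_SCHEMES = new Set(["chrome:", "file:"]);

// Constructed redirect table standing in for server 302 responses.
const REDIRECTS = new Map([
  ["https://example.test/ok", "https://cdn.example.test/file.zip"],
  ["https://example.test/hop", "chrome://browser/content/browser.xhtml"],
]);

// Hypothetical stand-in for a per-URL check: may content at sourceUrl load targetUrl?
function urlAllowed(sourceUrl, targetUrl) {
  const src = new URL(sourceUrl);
  const dst = new URL(targetUrl);
  if (PRIVILEGED_SCHEMES.has(dst.protocol)) {
    // Only an already-privileged source may reach a privileged target.
    return PRIVILEGED_SCHEMES.has(src.protocol);
  }
  return true;
}

// Resolve a "save link as" target by following redirects.
// checkEveryHop=false models a check made only on the URL in the link;
// checkEveryHop=true repeats the same check, with the same source, on each hop.
function resolveDownload(pageUrl, linkUrl, { checkEveryHop, maxHops = 5 }) {
  if (!urlAllowed(pageUrl, linkUrl)) {
    return { ok: false, blockedAt: linkUrl, hops: 0 };
  }
  let current = linkUrl;
  for (let hops = 0; hops < maxHops; hops++) {
    const next = REDIRECTS.get(current);
    if (next === undefined) {
      return { ok: true, finalUrl: current, hops };
    }
    if (checkEveryHop && !urlAllowed(pageUrl, next)) {
      return { ok: false, blockedAt: next, hops: hops + 1 };
    }
    current = next;
  }
  // Too many redirects: fail closed rather than saving an unchecked target.
  return { ok: false, blockedAt: current, hops: maxHops };
}

const page = "https://example.test/page.html";
console.log(resolveDownload(page, "https://example.test/hop", { checkEveryHop: false }));
console.log(resolveDownload(page, "https://example.test/hop", { checkEveryHop: true }));
```

In the model, the single up-front check passes the `https:` link and never sees the redirect target, while the per-hop check rejects the same chain at the first redirect.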
Comment 1•6 years ago
We're now using the appropriate triggering principals here so we should be OK.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME