Closed Bug 1195555 Opened 5 years ago Closed 1 year ago

Potential security issues with "Save Link As"

Categories

(Firefox :: Security, defect)

42 Branch
defect
Not set
normal

RESOLVED WORKSFORME

People

(Reporter: tanvi, Unassigned)

References

(Blocks 1 open bug)

Details

I'm filing this bug as a follow-up from bug 1136055.  Relevant comments:

https://bugzilla.mozilla.org/show_bug.cgi?id=1136055#c47
https://bugzilla.mozilla.org/show_bug.cgi?id=1136055#c57

Potential issues:
> * should save link as go through any security checks?  Should we be calling
> the Content Policy API?
> * should we be passing the doc principal or system principal to loadInfo.
> * save-link-as and urlSecurityCheck
save-link-as goes through urlSecurityCheck.  But if save-link-as goes through a redirect, urlSecurityCheck won't get called on it and we could potentially let something through we shouldn't.  Gijs and I both tried testing this and have thankfully had no luck.  But it's something to look closer at.  When we move security checks, we should set appropriate flags on LoadInfo to make sure a redirect goes through the same security checks that the original link went through for save-link-as.
https://people.mozilla.org/~tvyas/https_302_chrome.html
Depends on: 1136055
Depends on: 1398229
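
The redirect gap described in the report above, as an added example that is not part of the original bug and is not Firefox code: a toy model comparing a check that runs only on the link URL with one that runs on every redirect hop. `checkLoad`, `resolveSaveTarget`, the scheme policy, the redirect table and all URLs are constructed assumptions.

```javascript
// Constructed model, not Firefox code. All names and URLs are hypothetical.
// Toy policy: schemes that web content may not load in this model.
const PRIVILEGED_SCHEMES = new Set(["chrome:", "resource:", "file:"]);

// Stand-in for a urlSecurityCheck-style test: may sourceUrl load targetUrl?
function checkLoad(sourceUrl, targetUrl) {
  const source = new URL(sourceUrl);
  const target = new URL(targetUrl);
  // A privileged source may load anything; web content may not reach
  // privileged schemes.
  if (PRIVILEGED_SCHEMES.has(source.protocol)) return true;
  return !PRIVILEGED_SCHEMES.has(target.protocol);
}

// Constructed redirect table standing in for 302 Location responses.
const REDIRECTS = new Map([
  ["https://example.test/download", "https://cdn.example.test/file.zip"],
  ["https://example.test/302", "chrome://example/content/page.html"],
]);

// Resolve a save request. recheckRedirects models attaching the check to the
// load itself, so every hop is evaluated rather than only the clicked link.
function resolveSaveTarget(docUrl, linkUrl, { recheckRedirects }) {
  const hops = [linkUrl];
  if (!checkLoad(docUrl, linkUrl)) {
    return { allowed: false, blockedAt: linkUrl, hops };
  }
  let current = linkUrl;
  while (REDIRECTS.has(current) && hops.length < 10) { // cap redirect chains
    const next = REDIRECTS.get(current);
    hops.push(next);
    if (recheckRedirects && !checkLoad(docUrl, next)) {
      return { allowed: false, blockedAt: next, hops };
    }
    current = next;
  }
  return { allowed: true, finalUrl: current, hops };
}

const DOC = "https://example.test/page.html"; // constructed document URL
for (const recheckRedirects of [false, true]) {
  const result = resolveSaveTarget(DOC, "https://example.test/302", { recheckRedirects });
  console.log(`recheckRedirects=${recheckRedirects}`, result);
}
```
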

We're now using the appropriate triggering principals here so we should be OK.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME