Closed Bug 1195555 Opened 9 years ago Closed 6 years ago

Potential security issues with "Save Link As"

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
42 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: tanvi, Unassigned)

References

(Blocks 1 open bug)

Details

I'm filing this bug as follow from bug 1136055. Relevant comments: https://bugzilla.mozilla.org/show_bug.cgi?id=1136055#c47 https://bugzilla.mozilla.org/show_bug.cgi?id=1136055#c57 Potential issues: > * should save link as go through any security checks? Should we be calling > the Content Policy API? > * should we be passing the doc principal or system principal to loadInfo. > * save-link-as and urlSecurityCheck save-link-as goes through urlSecurityCheck. But if save-link-as goes through a redirect, urlSecurityCheck won't get called on it and we could potentially let something through we shouldn't. Gijs and I both tried testing this and have thankfully had no luck. But its something to look closer at. When we move security checks, we should set appropriate flags on LoadInfo to make sure a redirect goes through the same security checks that the original link went through for save-link-as. https://people.mozilla.org/~tvyas/https_302_chrome.html
Depends on: 1136055
Depends on: 1398229

We're now using the appropriate triggering principals here so we should be OK.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.