Closed Bug 1258188 Opened 6 years ago Closed 6 years ago
XSS in the 'history' parameter of about/sessionrestore
Why is a powerful page like about:sessionrestore even callable by external content? iOS needs to implement an equivalent of CheckMayLoad() and only allow "web" schemes to be loaded from web content or external apps.
Agreed about sec-high. Filed https://bugzilla.mozilla.org/show_bug.cgi?id=1263627 to get this fixed.
Depends on: 1263627
I think the fix here will be to check the source frame and the request in decidePolicyForNavigationAction. I'll try to get a fix uplifted for 4.0.
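The restriction proposed in the comments above, as an added example (not code from this bug or from Firefox for iOS): untrusted initiators may load web schemes only, enforced in the navigation delegate. The `Initiator` enum, the `webSchemes` list, `mayLoad` and the `appInitiated` bookkeeping are hypothetical names, and the sketch assumes privileged pages are reached through a non-web scheme.

```swift
import Foundation
import WebKit

// Who asked for the navigation. Only the browser's own UI is trusted.
enum Initiator { case webContent, externalApp, browserUI }

// Illustrative allowlist (assumption, not the project's actual list);
// extend it as the app requires.
let webSchemes: Set<String> = ["http", "https"]

/// Returns true when `initiator` may load `url`.
/// Untrusted initiators get web schemes only, so a link or an
/// inter-app URL cannot open a privileged internal page.
func mayLoad(_ url: URL, from initiator: Initiator) -> Bool {
    guard let scheme = url.scheme?.lowercased() else { return false }
    switch initiator {
    case .browserUI:
        return true
    case .webContent, .externalApp:
        return webSchemes.contains(scheme)
    }
}

final class NavigationPolicy: NSObject, WKNavigationDelegate {
    // URLs the browser itself has just asked the web view to load
    // (hypothetical bookkeeping; filled in before calling webView.load).
    var appInitiated = Set<URL>()

    func webView(_ webView: WKWebView,
                 decidePolicyFor navigationAction: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = navigationAction.request.url else {
            decisionHandler(.cancel)
            return
        }
        // Anything the app did not start itself is treated as web content.
        let initiator: Initiator =
            appInitiated.remove(url) != nil ? .browserUI : .webContent
        decisionHandler(mayLoad(url, from: initiator) ? .allow : .cancel)
    }
}
```

URLs arriving from another app would go through `mayLoad(_:from: .externalApp)` before they are handed to the web view.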
Fixed by bug 1263627.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Setting the fxios fixed flags based on bug 1263627