Bug 1265115
Closed. Opened 9 years ago, closed 9 years ago.
Pages with internal links can bypass privilege restrictions in reader mode
Categories: Firefox for iOS :: Browser, defect
Status: RESOLVED DUPLICATE of bug 1263627
People: Reporter: bnicholson; Assignee: Unassigned
Bug 1263627 creates a PrivilegedRequest class that we must use whenever we want to load pages from the local web server. With that fix, requests can be loaded if any of the following are true:
1. The request is not for a local resource.
2. The request is privileged.
3. The request is coming from a local page.
Given #3, a site could exploit reader mode to link to SessionRestore.html with malicious JS.
PoC: https://people.mozilla.org/~bnicholson/test/reader.html
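The three-rule check from the description, modelled as an added example (not Firefox for iOS code) to show why rule 3 admits a link followed from reader mode. The host, port and reader-mode path are constructed; `source_renders_web_content` and `decide_strict` are hypothetical, and the stricter variant is one possible tightening, not the fix from bug 1263627.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Assumption: the app's local web server is reached over loopback.
LOCAL_HOSTS = {"localhost", "127.0.0.1"}
LOCAL = "http://localhost:8080"  # constructed origin, not the app's real one


def is_local(url: Optional[str]) -> bool:
    return bool(url) and urlsplit(url).hostname in LOCAL_HOSTS


@dataclass(frozen=True)
class Request:
    url: str
    privileged: bool = False           # models a PrivilegedRequest
    source_page: Optional[str] = None  # page that triggered the load
    # Hypothetical flag: the source is a local page whose content came
    # from the web (reader mode output), so its links are untrusted.
    source_renders_web_content: bool = False


def decide(req: Request) -> Optional[str]:
    """Return the rule that admits the request, or None if it is blocked."""
    if not is_local(req.url):
        return "rule 1: not a local resource"
    if req.privileged:
        return "rule 2: privileged request"
    if is_local(req.source_page):
        return "rule 3: source is a local page"
    return None


def decide_strict(req: Request) -> Optional[str]:
    """Hypothetical tightening: rule 3 only for local pages the app authored."""
    rule = decide(req)
    if rule and rule.startswith("rule 3") and req.source_renders_web_content:
        return None
    return rule


# Constructed requests for the same local page from two different sources.
TARGET = LOCAL + "/SessionRestore.html"
from_web = Request(TARGET, source_page="https://site.example/article")
from_reader = Request(
    TARGET,
    source_page=LOCAL + "/reader-mode/page?url=https%3A%2F%2Fsite.example%2Farticle",
    source_renders_web_content=True,
)

if __name__ == "__main__":
    for name, req in [("web page", from_web), ("reader mode", from_reader)]:
        print(name, "->", decide(req), "| strict:", decide_strict(req))
```

The same target is blocked when linked from the web page but admitted once the article is rendered by the local reader-mode page, because the policy treats every locally served page as trusted.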
Comment 1 • 9 years ago (Reporter)
Bug 1263627 isn't ready yet, so I'll just make sure this bug is fixed there.