Closed Bug 1319881 Opened 4 years ago Closed 3 months ago
47 bytes, text/x-phabricator-request
|Details | Review|
Currently UsingNeckoIPCSecurity is false or not used on all our tier-1 platforms. This flag makes check that, for example, a content process that's only used for private browsing doesn't access your non-private browsing cookies. Since the flag is disabled, the code that checks it is pretty much dead (GetValidatedOriginAttributes for example). I think we probably want to be able to enable UsingNeckoIPCSecurity at some point. However, we've seen that it causes crashes even when it's only partially enabled (bug 1317611 and bug 1289001). So if we want to turn it on we'll have to resolve those. I think we'll need to turn this flag on if we're serious about sandboxing content processes. But it's going to take a bit of investment to make it work.
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P2
Moving to p3 because no activity for at least 1 year(s). See https://github.com/mozilla/bug-handling/blob/master/policy/triage-bugzilla.md#how-do-you-triage for more information
Priority: P2 → P3
Summary: Figure out what to do about UsingNeckoIPCSecurity → Remove UsingNeckoIPCSecurity
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/autoland/rev/62baa75c6241 Remove UsingNeckoIPCSecurity r=valentin,necko-reviewers
3 months ago
Depends on: 1322254
You need to log in before you can comment on or make changes to this bug.