Open Bug 1359284 Opened 7 years ago Updated 2 years ago

Web pages are not allowed to access/load images from browser, but sometimes they load them

Categories

(Core :: DOM: Security, defect, P3)

52 Branch
defect

Tracking

()

People

(Reporter: 684sigma, Unassigned)

References

Details

(Keywords: regression, Whiteboard: [domsecurity-backlog1])

Attachments

(2 files)

When testing Bug 1359282, I noticed an issue in Firefox Beta 52. It also happens in Firefox Beta 53, Nightly 55. Doesn't happen in ESR 45. Local pages are not allowed to access/load images from extensions, but sometimes they load them. Here's how to reproduce the bug. 1. Install panorama 2. Start browser with e10s disabled 3. Open attached .html page. Cancel loading of the page. 4. Ctrl+Click on the reload button in address bar Result: The page show images from extension Expected: The page should always show images, or should always hide them Each time the page doesn't show images, browser console displays this error: Security Error: Content at file:///C:/.../tabview.html may not load or link to chrome://tabgroups/skin/edit-light.png.
Has STR: --- → yes
Keywords: regression
Component: Untriaged → Extension Compatibility
1. Install panorama. 2. Start browser with e10s disabled. Open, then close tab groups frame. 3. Open attached .html page. Cancel loading of the page. 4. Ctrl+Click on the reload button in address bar Result: The page show images from extension Expected: The page should always show images, or should always hide them Mozregression-gui generaged this regression range: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=632811bf4b6e96b54709d125c298493d30576eb8&tochange=bf69c3219b5ef75454640e9eaf087a2650c0c0eb -> 1206961 – Use channel->AsyncOpen2() in image/imgLoader.cpp https://bugzilla.mozilla.org/show_bug.cgi?id=1206961
Blocks: 1206961
Has Regression Range: --- → yes
Flags: needinfo?(ckerschb)
Summary: Local pages are not allowed to access/load images from extensions, but sometimes they load them → Web pages are not allowed to access/load images from extensions, but sometimes they load them
1. Start browser with e10s disabled. 2. Open this url, then loading of the page - data:text/html,<div style="width: 48px;height: 48px;background-image: url('chrome://mozapps/skin/plugins/contentPluginBlocked.png');"></div> 3. Ctrl+Click on the reload button in address bar Result: The page show images from browser Expected: The page should always show images, or should always hide them
Component: Extension Compatibility → Untriaged
Summary: Web pages are not allowed to access/load images from extensions, but sometimes they load them → Web pages are not allowed to access/load images from browser, but sometimes they load them
Correction: in all scenarios it's necessary to load image at least once. So completely accurate scenarios are described in Comment #1, Comment #3. 1. Start browser with e10s disabled. 2. Open this url - chrome://mozapps/skin/plugins/contentPluginBlocked.png 3. Open this url, then cancel loading of the page - data:text/html,<div style="width: 48px;height: 48px;background-image: url('chrome://mozapps/skin/plugins/contentPluginBlocked.png');"></div> 4. Ctrl+Click on the reload button in address bar Result: The page show images from extension Expected: The page should always show images, or should always hide them Mozregression-gui generaged this regression range: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=632811bf4b6e96b54709d125c298493d30576eb8&tochange=bf69c3219b5ef75454640e9eaf087a2650c0c0eb -> 1206961 – Use channel->AsyncOpen2() in image/imgLoader.cpp https://bugzilla.mozilla.org/show_bug.cgi?id=1206961
Component: Untriaged → DOM: Security
Product: Firefox → Core
(In reply to 684sigma from comment #3) > Correction: in all scenarios it's necessary to load image at least once. So > completely accurate scenarios are described in Comment #1, Comment #3. > > 1. Start browser with e10s disabled. > 2. Open this url - chrome://mozapps/skin/plugins/contentPluginBlocked.png > 3. Open this url, then cancel loading of the page - data:text/html,<div > style="width: 48px;height: 48px;background-image: > url('chrome://mozapps/skin/plugins/contentPluginBlocked.png');"></div> > 4. Ctrl+Click on the reload button in address bar > > Result: The page show images from extension > Expected: The page should always show images, or should always hide them I can reproduce that problem. If you 'just' click reload it's still blocked, but if you click 'ctrl-click' it loads in the new tab. I suspect this is an artifact that we are not passing the principal from frontend to the backend code and use the fallback mechanism within docshell to generate a triggeringPrincipal. In fact loading that image should always be blocked because that particular one is not content accessible. Most likely the problem will be fixed with Bug 1333030.
Flags: needinfo?(ckerschb)
Priority: -- → P2
Whiteboard: [domsecurity-active]
Assignee: nobody → ckerschb
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Moving to p3 because no activity for at least 1 year(s). See https://github.com/mozilla/bug-handling/blob/master/policy/triage-bugzilla.md#how-do-you-triage for more information
Priority: P2 → P3
Assignee: ckerschb → nobody
Status: ASSIGNED → NEW
Whiteboard: [domsecurity-active] → [domsecurity-backlog1]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: