Closed Bug 1456091 Opened 2 years ago Closed 2 years ago
cross-origin info leak by loading simpe text/plain files as <script>
i also report this to chrome and they say there is a same issue https://bugs.chromium.org/p/chromium/issues/detail?id=764010 so that i think it would be fine if firefox could also fix it
Group: firefox-core-security → dom-core-security
Component: Untriaged → DOM: Security
Product: Firefox → Core
Flags: needinfo?(dveditz) → needinfo?(evilpies)
Summary: same origin bypass (info leak) in firefox → cross-origin info leak by loading simpe text/plain files as <script>
No, we don't have a follow up bug for this. I am skeptical about blocking text/plain, especially when unknown is still quite high anyway. "CORB" (https://github.com/whatwg/fetch/issues/681) is coming, which from my understanding would not actually block this, but is at least related.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Actually I just found bug 1333995.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1333995
See Also: → 1398886
You need to log in before you can comment on or make changes to this bug.