[meta] Download protection should look inside archive files

NEW
Unassigned

Status

()

enhancement
P3
normal
Last year
8 months ago

People

(Reporter: francois, Unassigned)

Tracking

(Depends on 3 bugs, Blocks 1 bug, {meta})

Firefox Tracking Flags

(Not tracked)

Details

A few things to note about Chrome's implementation:

- all decompressors are run in a separate "utility" process that is heavily sandboxed (and their parser code has been fuzzed too)
- they also decompress the various aliases for .zip and .dmg (e.g. .iso, .dmgpart, etc.) -- list of aliases is in the Chromium source code
- they don't recursively decompress files, but they consider a zip-within-a-zip suspicious and do a remote lookup for those
Reporter

Updated

Last year
Depends on: 1260856
Reporter

Updated

Last year
Depends on: 1167040
Reporter

Updated

Last year
No longer depends on: 1167040
Reporter

Updated

Last year
Depends on: 1475705
Reporter

Updated

Last year
Depends on: 1475706
Reporter

Updated

11 months ago
Depends on: 1480639
Keywords: meta
You need to log in before you can comment on or make changes to this bug.