Block setting cookies from trackers when restricting 3rd party storage

RESOLVED FIXED in Firefox 63

Status

()

enhancement
RESOLVED FIXED
11 months ago
3 months ago

People

(Reporter: Ehsan, Assigned: Ehsan)

Tracking

(Blocks 1 bug)

unspecified
mozilla63
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox63 fixed)

Details

Attachments

(1 attachment, 1 obsolete attachment)

Assignee

Description

11 months ago
I highlighted this in my review comments in bug 1474651 but it was ignored.  Right now we allow attackers to set cookies using document.cookie in 3rd party contexts.
Assignee

Updated

11 months ago
Attachment #8992097 - Attachment is obsolete: true
Attachment #8992097 - Flags: review?(amarchesini)
Assignee

Updated

11 months ago
Blocks: 1461921
No longer blocks: 1474651
Attachment #8992098 - Flags: review?(amarchesini) → review+
Assignee

Updated

11 months ago
Keywords: checkin-needed
I couldn't land your patch. Ehsan: Please set the issues opened by the reviewer as fixed by commit so review board allows to land them. Thank you.
Flags: needinfo?(ehsan)

Comment 4

11 months ago
Pushed by ebalazs@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/5f39a82a042e
Block setting cookies using document.cookie when restricting 3rd party storage; r=baku
Keywords: checkin-needed
Flags: needinfo?(ehsan)
Assignee

Comment 5

11 months ago
(In reply to Eliza Balazs [:ebalazs_] from comment #3)
> I couldn't land your patch. Ehsan: Please set the issues opened by the
> reviewer as fixed by commit so review board allows to land them. Thank you.

Hi Eliza, not sure what issue was the problem here, but looks like the right patch was pushed, so thanks a lot!  Let me know if any further action is needed on my part.  :-)

Comment 6

11 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/5f39a82a042e
Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.