Closed Bug 1475708 Opened 6 years ago Closed 6 years ago

Block setting cookies from trackers when restricting 3rd party storage

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla63

Tracking Flags:

Tracking

Status

firefox63

---

fixed

People

(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)

References

(Blocks 1 open bug)

Details

Attachments

(1 file, 1 obsolete file)

Block setting cookies using document.domain when restricting 3rd party storage 6 years ago (no longer active) 2.71 KB, patch		Details \| Diff \| Splinter Review
Block setting cookies using document.cookie when restricting 3rd party storage 6 years ago (no longer active) 2.71 KB, patch	baku : review+	Details \| Diff \| Splinter Review

(no longer active)

Assignee

Description

•

6 years ago

I highlighted this in my review comments in bug 1474651 but it was ignored.  Right now we allow attackers to set cookies using document.cookie in 3rd party contexts.

(no longer active)

Assignee

Comment 1

•

6 years ago

Attached patch Block setting cookies using document.domain when restricting 3rd party storage (obsolete) — Details — Splinter Review

Attachment #8992097 - Flags: review?(amarchesini)

(no longer active)

Assignee

Comment 2

•

6 years ago

Attached patch Block setting cookies using document.cookie when restricting 3rd party storage — Details — Splinter Review

Attachment #8992098 - Flags: review?(amarchesini)

(no longer active)

Assignee

Updated

•

6 years ago

Attachment #8992097 - Attachment is obsolete: true

Attachment #8992097 - Flags: review?(amarchesini)

(no longer active)

Assignee

Updated

•

6 years ago

Blocks: 1461921
No longer blocks: 1474651

Andrea Marchesini [:baku]

Updated

•

6 years ago

Attachment #8992098 - Flags: review?(amarchesini) → review+

(no longer active)

Assignee

Updated

•

6 years ago

Keywords: checkin-needed

Eliza Balazs [:ebalazs_]

Comment 3

•

6 years ago

I couldn't land your patch. Ehsan: Please set the issues opened by the reviewer as fixed by commit so review board allows to land them. Thank you.

Flags: needinfo?(ehsan)

Pulsebot

Comment 4

•

6 years ago

Pushed by ebalazs@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/5f39a82a042e
Block setting cookies using document.cookie when restricting 3rd party storage; r=baku

Keywords: checkin-needed

Eliza Balazs [:ebalazs_]

Updated

•

6 years ago

Flags: needinfo?(ehsan)

(no longer active)

Assignee

Comment 5

•

6 years ago

(In reply to Eliza Balazs [:ebalazs_] from comment #3)
> I couldn't land your patch. Ehsan: Please set the issues opened by the
> reviewer as fixed by commit so review board allows to land them. Thank you.

Hi Eliza, not sure what issue was the problem here, but looks like the right patch was pushed, so thanks a lot!  Let me know if any further action is needed on my part.  :-)

Bogdan Tara[:bogdan_tara | bogdant]

Comment 6

•

6 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/5f39a82a042e

Status: NEW → RESOLVED

Closed: 6 years ago

status-firefox63: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla63

Nobody; OK to take it and work on it

Updated

•

5 years ago

Component: DOM → DOM: Core & HTML

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Block setting cookies from trackers when restricting 3rd party storage

Categories

(Core :: DOM: Core & HTML, enhancement)

Tracking

()

People

(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file, 1 obsolete file)

Description

Comment 1

Comment 2

Updated

Updated

Updated

Updated

Comment 3

Comment 4

Updated

Comment 5

Comment 6

Updated

Attachment

General

Description

File Name

Content Type