Closed Bug 1484380 Opened 6 years ago Closed 6 years ago

[Mac] Default the Mac Flash sandbox to level 1

Categories

(Core :: Security: Process Sandboxing, defect, P1)

Product:
Core
Component:
Security: Process Sandboxing
Version:
63 Branch
Platform:
Unspecified
macOS
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla63
Tracking Flags:
Tracking Status
firefox62 --- verified
firefox63 --- verified

People

(Reporter: haik, Assigned: haik)

References

Details

Attachments

(1 file)

Bug 1484380 - [Mac] Default the Mac Flash sandbox to level 1 r?Alex_Gaynor
46 bytes, text/x-phabricator-request
Alex_Gaynor
: review+
RyanVM
: approval-mozilla-beta+
Details | Review
Level 2 of the Mac Flash sandbox only allows file-read access after file dialog activity is triggered. However, this doesn't work reliably on older macOS versions (10.12 and earlier) and may turn out to be brittle on the OS versions it works on. This bug is to change the default to level 1.
Assignee: nobody → haftandilian
Priority: -- → P1
Comment on attachment 9002147 [details] Bug 1484380 - [Mac] Default the Mac Flash sandbox to level 1 r?Alex_Gaynor Alex Gaynor [:Alex_Gaynor] has approved the revision.
Attachment #9002147 - Flags: review+
Pushed by haftandilian@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9c1fc2ff3a2f [Mac] Default the Mac Flash sandbox to level 1 r=Alex_Gaynor
Blocks: 1484051
https://hg.mozilla.org/mozilla-central/rev/9c1fc2ff3a2f
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox63: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Comment on attachment 9002147 [details] Bug 1484380 - [Mac] Default the Mac Flash sandbox to level 1 r?Alex_Gaynor Approval Request Comment [Feature/Bug causing the regression]: Bug 1474375 "[Mac] Let Sandboxing for the Flash NPAPI plugin process ride the trains" [User impact if declined]: With the fix for bug 1484051, Mac Flash applet file dialogs appear buggy and users won't be able to select some files. [Is this code covered by automated tests?]: No [Has the fix been verified in Nightly?]: Yes [Needs manual test from QE? If yes, steps to reproduce]: No (covered by bug 1484051) [List of other uplifts needed for the feature/fix]: None, but this is needed by bug 1484051. [Is the change risky?]: No [Why is the change risky/not risky?]: It makes the Mac Flash sandbox less restrictive so it is unlikely to cause problems. [String changes made/needed]: None
Attachment #9002147 - Flags: approval-mozilla-beta?
Comment on attachment 9002147 [details] Bug 1484380 - [Mac] Default the Mac Flash sandbox to level 1 r?Alex_Gaynor Needed for the Mac Flash sandbox shipping in 62. Approved for 62.0b20.
Attachment #9002147 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Flags: qe-verify+
Verified that Firefox 62.0b20 and latest Nightly 63.0a1 come with both 'dom.ipc.plugins.sandbox-level.flash' and 'dom.ipc.plugins.sandbox-level.default' set to value 1 after manually downloading it and after updating across various mac versions (10.12, 10.11, 10.10, also verified 10.13 and 10.14 18A371a).
status-firefox62: fixedverified
status-firefox63: fixedverified
Flags: qe-verify+
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: