Open Bug 1486598 Opened 6 years ago Updated 2 days ago

Web Authn Origin Forgery through IPC

Tracking

()

Status:

NEW

Project Flags:

Fission Milestone

Future

People

(Reporter: tjr, Unassigned)

References

(Depends on 2 open bugs, Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog2] [webauthn])

Tom Ritter [:tjr]

Reporter

Description

•

6 years ago

While performing a cursory review of Web Authn IPC, it appears that the origin for a Web Authn request comes from the child (in Origin of WebAuthnGetAssertionInfo in https://searchfox.org/mozilla-central/source/dom/webauthn/PWebAuthnTransaction.ipdl ). In the future, we should validate that the origin provided matches the origin of the content process it comes from.

Daniel Veditz [:dveditz]

Updated

•

6 years ago

Priority: -- → P3

Whiteboard: [domsecurity-backlog2]

J.C. Jones [:jcj] (he/they)

Updated

•

6 years ago

Whiteboard: [domsecurity-backlog2] → [domsecurity-backlog2] [webauthn]

Tom Ritter [:tjr]

Reporter

Updated

•

6 years ago

Depends on: fission-ipc-map

J.C. Jones [:jcj] (he/they)

Updated

•

6 years ago

Component: DOM: Security → DOM: Web Authentication

Chris Peterson [:cpeterson]

Comment 1

•

5 years ago

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

John Schanck [:jschanck]

Updated

•

2 days ago

Depends on: 1945969

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Web Authn Origin Forgery through IPC

Categories

(Core :: DOM: Web Authentication, enhancement, P3)

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Depends on 2 open bugs, Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog2] [webauthn])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Comment 1

Updated

Updated