Open Bug 1487520 Opened 6 years ago Updated 2 years ago

Performance Info Forgery from Content Process

Tracking

()

Status:

NEW

Project Flags:

Fission Milestone

Future

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: sec-want)

Tom Ritter [:tjr] (OOTO until 4/30 at least)

Reporter

Description

•

6 years ago

(Admittedly this is a pretty low priority, but it's an illustrative example so I want to get it on file.)

The AddPerformanceMetrics method on PContent (https://searchfox.org/mozilla-central/rev/2fe43133dbc774dda668d4597174d73e3969181a/dom/ipc/PContent.ipdl#1160 ) receives an array of PerformanceInfo's, one of which members is the host the performance entry is for. (It also supplies a pid and windowId.)

There is no validation on this data before it is aggregated, allowing a rogue content process to send fraudulent values to the Parent Process.

Andrew McCreight [:mccr8]

Updated

•

6 years ago

Priority: -- → P3

Andrew McCreight [:mccr8]

Updated

•

6 years ago

Keywords: sec-want

Tom Ritter [:tjr] (OOTO until 4/30 at least)

Reporter

Updated

•

6 years ago

Depends on: fission-ipc-map

Nobody; OK to take it and work on it

Assignee

Updated

•

5 years ago

Component: DOM → DOM: Core & HTML

Chris Peterson [:cpeterson]

Comment 1

•

4 years ago

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Performance Info Forgery from Content Process

Categories

(Core :: DOM: Core & HTML, enhancement, P3)

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: sec-want)

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Comment 1

Updated