Open Bug 1490093 Opened 6 years ago Updated 2 years ago

CORS Preflight Cache can be cleared by a rogue Content Process

Tracking

()

Status:

NEW

Project Flags:

Fission Milestone

Future

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Tom Ritter [:tjr]

Reporter

Description

•

6 years ago

RemoveCorsPreflightCacheEntry in https://searchfox.org/mozilla-central/source/netwerk/protocol/http/PHttpChannel.ipdl accepts a URI and Principal from the Content Process, and uses it directly to remove entries from a static CORS Preflight Cache without verification. We should verify that the URI/Principal correspond to allowable values based on the content process the message is received from.

Tom Ritter [:tjr]

Reporter

Updated

•

6 years ago

Depends on: fission-ipc-map

Honza Bambas (:mayhemer)

Updated

•

6 years ago

Priority: -- → P3

Whiteboard: [necko-triaged]

Chris Peterson [:cpeterson]

Comment 1

•

5 years ago

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

CORS Preflight Cache can be cleared by a rogue Content Process

Categories

(Core :: Networking: HTTP, enhancement, P3)

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Comment 1

Updated