Open
Bug 1490784
Opened 6 years ago
Updated 2 years ago
A rogue Content Process can enumerate User History via PQuota.ipdl
Categories
(Core :: DOM: Core & HTML, enhancement, P2)
Tracking
NEW
Fission Milestone: Future
People
(Reporter: tjr, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
https://searchfox.org/mozilla-central/source/dom/quota/PQuota.ipdl exposes methods that allow a Content Process to query for storage usage based on Principal. A rogue Content Process could create an arbitrary principal and use that to learn storage information about other origins (and from that, learn users' browsing history).
The principal sent from the Content Process should be validated to ensure it is a valid value for the Content Process.
Additionally, the 'GetAllStorageData' IPC method should be restricted from being used by a Content Process. As far as I can tell, this is never called by the Content Process - if it is then we would need to refactor that usage.
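The two parent-side checks the report asks for, sketched as an added example that is not Gecko code and not part of the original report. `Sender`, `QuotaRequest`, `ValidateQuotaRequest`, the `UsageForPrincipal` method name and the per-process origin set are hypothetical stand-ins for state the parent process would hold about each content process.

```cpp
#include <set>
#include <string>

// Hypothetical model of a parent-side check; none of these names are Gecko APIs.
enum class ProcessKind { Parent, Content };
enum class Method { UsageForPrincipal, GetAllStorageData };
enum class Verdict { Allow, DenyMethod, DenyPrincipal };

struct Sender {
    ProcessKind kind;
    // Origins the parent itself loaded into this process (assumed bookkeeping).
    std::set<std::string> loadedOrigins;
};

struct QuotaRequest {
    Method method;
    std::string principalOrigin;  // supplied by the sender, so untrusted
    bool claimsSystemPrincipal;   // also supplied by the sender
};

// Decide using only state the parent holds about the sender.
Verdict ValidateQuotaRequest(const Sender& sender, const QuotaRequest& req) {
    if (sender.kind == ProcessKind::Parent) {
        return Verdict::Allow;  // trusted caller
    }
    // The report proposes restricting this method from content processes.
    if (req.method == Method::GetAllStorageData) {
        return Verdict::DenyMethod;
    }
    // A content process may not assert an elevated principal for itself.
    if (req.claimsSystemPrincipal) {
        return Verdict::DenyPrincipal;
    }
    // The claimed origin must be one the parent placed in this process.
    if (sender.loadedOrigins.count(req.principalOrigin) == 0) {
        return Verdict::DenyPrincipal;
    }
    return Verdict::Allow;
}

int main() {
    // Constructed sample: a content process hosting one origin asks about another.
    Sender content{ProcessKind::Content, {"https://mail.example"}};
    QuotaRequest other{Method::UsageForPrincipal, "https://bank.example", false};
    return ValidateQuotaRequest(content, other) == Verdict::DenyPrincipal ? 0 : 1;
}
```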
Reporter
Updated • 6 years ago
Depends on: fission-ipc-map
Updated • 6 years ago
Priority: -- → P2
Assignee
Updated • 6 years ago
Component: DOM → DOM: Core & HTML
Updated • 2 years ago
Severity: normal → S3