Open Bug 1492569 Opened 6 years ago Updated 2 years ago

PBackgroundIDBFactory.ipdl allows construction of a PBackgroundIDBFactoryRequest with content-process-supplied Principal

Tracking

()

Status:

NEW

Project Flags:

Fission Milestone

Future

People

(Reporter: tjr, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: DWS_NEXT)

Tom Ritter [:tjr] (OOTO until 4/30 at least)

Reporter

Description

•

6 years ago

As far as I can tell, there is a lot of code with IndexDB that checks principals and permissions; and that principal it's using was supplied by the Content Process in mozilla-central/dom/indexedDB/PBackgroundIDBFactory.ipdl as part of FactoryRequestParams.

A rogue Content Process could supply a fraudulent principal and it seems like that _may_ enable operations on any origin's IndexDB?

Marion Daly [:mdaly]

Updated

•

6 years ago

Priority: -- → P2

Marion Daly [:mdaly]

Comment 1

•

6 years ago

:Jan, thoughts?

Flags: needinfo?(jvarga)

Jan Varga [:janv]

Comment 2

•

6 years ago

Yeah, we should fix this if possible, but I'm not sure if there's an internal API for that already.

Marion Daly [:mdaly]

Updated

•

6 years ago

Whiteboard: DWS_NEXT

Marion Daly [:mdaly]

Comment 3

•

6 years ago

Removing NI and adding to backlog

Flags: needinfo?(jvarga)

Chris Peterson [:cpeterson]

Comment 4

•

4 years ago

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

PBackgroundIDBFactory.ipdl allows construction of a PBackgroundIDBFactoryRequest with content-process-supplied Principal

Categories

(Core :: Storage: IndexedDB, defect, P2)

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: DWS_NEXT)

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2

Updated

Comment 3

Comment 4

Updated