Open
Bug 1492569
Opened 6 years ago
Updated 2 years ago
PBackgroundIDBFactory.ipdl allows construction of a PBackgroundIDBFactoryRequest with content-process-supplied Principal
Categories
(Core :: Storage: IndexedDB, defect, P2)
Tracking
()
NEW
Fission Milestone | Future |
People
(Reporter: tjr, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: DWS_NEXT)
As far as I can tell, there is a lot of code with IndexedDB that checks principals and permissions, and the principal it's using was supplied by the Content Process in mozilla-central/dom/indexedDB/PBackgroundIDBFactory.ipdl as part of FactoryRequestParams. A rogue Content Process could supply a fraudulent principal, and it seems like that _may_ enable operations on any origin's IndexedDB?
Updated•6 years ago
Priority: -- → P2
Comment 2•6 years ago
Yeah, we should fix this if possible, but I'm not sure if there's an internal API for that already.
Updated•6 years ago
Whiteboard: DWS_NEXT
Updated•2 years ago
Severity: normal → S3