Open
Bug 1494447
Opened 6 years ago
Updated 2 years ago
PBackgroundStorage.ipdl accepts origin data unchecked from content process
Categories
(Core :: Storage: localStorage & sessionStorage, enhancement, P3)
Core
Storage: localStorage & sessionStorage
Tracking
()
NEW
Fission Milestone | Future |
People
(Reporter: tjr, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
Most of the parent messages in PBackgroundStorage.ipdl construct an origin based on data supplied by the Content Process. A Rogue Content Process could use this to add, edit, delete, or possibly read data for other origins. Ideally, the Actor would be refactored to have the origin as a private member so the child does not need to supply it. (When doing so, care must be taken not to construct the actor with content-process-supplied-origin data however.) If that is not possible, the origin supplied by the content process should be validated to ensure it is a valid value for that content process.
Updated•6 years ago
|
Priority: -- → P3
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•