Open Bug 1494447 Opened 6 years ago Updated 2 years ago

PBackgroundStorage.ipdl accepts origin data unchecked from content process

Tracking

()

Status:

NEW

Project Flags:

Fission Milestone

Future

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

Tom Ritter [:tjr] (OOTO until 4/30 at least)

Reporter

Description

•

6 years ago

Most of the parent messages in PBackgroundStorage.ipdl construct an origin based on data supplied by the Content Process. A Rogue Content Process could use this to add, edit, delete, or possibly read data for other origins. 

Ideally, the Actor would be refactored to have the origin as a private member so the child does not need to supply it. (When doing so, care must be taken not to construct the actor with content-process-supplied-origin data however.)

If that is not possible, the origin supplied by the content process should be validated to ensure it is a valid value for that content process.

Yaron Tausky [:ytausky]

Updated

•

6 years ago

Priority: -- → P3

Chris Peterson [:cpeterson]

Comment 1

•

4 years ago

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

PBackgroundStorage.ipdl accepts origin data unchecked from content process

Categories

(Core :: Storage: localStorage & sessionStorage, enhancement, P3)

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Updated