Bug 1494459 - The StorageActivity method on PBackground can be forged by a rogue content process
Status: NEW (Open). Opened 6 years ago, updated 2 years ago.
Product / Component: Core :: Storage: localStorage & sessionStorage (enhancement, P2)
Tracking: Fission Milestone: Future
People: Reporter: tjr; Assignee: Unassigned
References: Depends on 1 open bug, Blocks 1 open bug
Details
In PBackground, the StorageActivity method accepts a principal and (as far as I can tell) uses it to track activity on origins for the purposes of clearing site data. Whatever it is used for, the principal is supplied by the content process, and could be fraudulent. Ideally, we could refactor PBackground so this data doesn't need to come from the content process, but at a minimum, we should validate that the principal supplied matches the content process that supplied it.
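The mitigation the report asks for, a parent-side check that the principal a child sends matches what that child is allowed to host, sketched as an added C++ model. This is not Gecko code and does not use Gecko types: `ContentProcessRegistry`, `StorageActivityService`, the two `RecvStorageActivity*` handlers and the origins in `SampleRegistry` are all hypothetical, and a principal is reduced to its origin string for the illustration.

```cpp
// Added illustration, not Gecko code: a parent-process IPC handler that only
// records storage activity for a principal the sending content process is
// actually allowed to act for. All names here are hypothetical.
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

using ChildId = int;
using Origin  = std::string;  // a principal, reduced to its origin string

// Parent-side bookkeeping: which origins each content process may act for.
// The parent can know this because it decided where each document loads;
// the contents are filled in by SampleRegistry() below (constructed data).
struct ContentProcessRegistry {
    std::map<ChildId, std::set<Origin>> allowed;

    bool Hosts(ChildId child, const Origin& origin) const {
        auto it = allowed.find(child);
        return it != allowed.end() && it->second.count(origin) > 0;
    }
};

// Activity log consumed by site-data clearing ("which origins were active").
struct StorageActivityService {
    std::vector<Origin> activeOrigins;
    void NotifyActivity(const Origin& origin) { activeOrigins.push_back(origin); }
};

// Before: trusts whatever principal arrives over the channel. A compromised
// child can name any origin and pollute another site's activity record.
void RecvStorageActivityUnchecked(StorageActivityService& service,
                                  const Origin& suppliedOrigin) {
    service.NotifyActivity(suppliedOrigin);
}

// After: the parent checks the supplied principal against the sender before
// acting on it. Returns false and records nothing on mismatch; a real handler
// would treat that as a protocol violation rather than silently continue.
bool RecvStorageActivityChecked(const ContentProcessRegistry& registry,
                                StorageActivityService& service,
                                ChildId sender,
                                const Origin& suppliedOrigin) {
    if (!registry.Hosts(sender, suppliedOrigin)) {
        return false;  // forged, stale or unknown-sender principal: reject
    }
    service.NotifyActivity(suppliedOrigin);
    return true;
}

// Constructed scenario: process 7 hosts example.com, process 9 hosts bank.example.
ContentProcessRegistry SampleRegistry() {
    ContentProcessRegistry r;
    r.allowed[7] = {"https://example.com"};
    r.allowed[9] = {"https://bank.example"};
    return r;
}

// Stand-alone demo: process 7 reports once honestly and once for an origin it
// does not host; only the first report reaches the activity log.
int main() {
    ContentProcessRegistry registry = SampleRegistry();
    StorageActivityService service;
    std::cout << "honest report accepted: "
              << RecvStorageActivityChecked(registry, service, 7, "https://example.com") << "\n";
    std::cout << "forged report accepted: "
              << RecvStorageActivityChecked(registry, service, 7, "https://bank.example") << "\n";
    std::cout << "origins recorded: " << service.activeOrigins.size() << "\n";
    return 0;
}
```

The point of keeping the allow-list in the parent is that the check never depends on data the child controls: the child may still lie, but the lie is caught at the boundary instead of being written into the site-data bookkeeping.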
Updated 6 years ago: Priority: -- → P2
Updated 5 years ago: Component: DOM → DOM: Core & HTML
Updated 5 years ago: Component: DOM: Core & HTML → DOM: Web Storage
Comment 1, 5 years ago
Although long term the goal is to have everything handled by QuotaManager, I think we may already be able to remove this specific control-flow path, as a quick perusal suggests currently only the ServiceWorkerRegistrar uses this path and that's already parent-process only.
Updated 2 years ago: Severity: normal → S3