Closed Bug 1494466 Opened 3 years ago Closed 3 months ago

PBackgroundStorage::OriginsHavingData sends cross-origin data to a content process

Categories

(Core :: Storage: localStorage & sessionStorage, enhancement, P2)

enhancement

Tracking

()

RESOLVED FIXED
Fission Milestone Future

People

(Reporter: tjr, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: DWS_NEXT)

In PBackgroundStorage.ipdl there is a method sending data to the child OriginsHavingData().  It appears that this sends information about all origins that have local data to the content process to be used as some part of an optimization.

As part of Fission, we should not send information about other origins to a content process.
Priority: -- → P3
Priority: P3 → P2
Whiteboard: DWS_NEXT

Andrew, can you please have someone to look into the criticality and the scope of this?

Flags: needinfo?(overholt)

Yes, I will do so in 2 weeks.

Flags: needinfo?(overholt)

Update: it'll be next week.

This will be fixed by LocalStorage NextGen. The broadcast is necessary for preloading under the current legacy implementation.

Depends on: 1539835

This bug is not a Fission MVP blocker.

This bug is about hardening localStorage against Spectre attacks.

Fission Milestone: --- → Future
No longer blocks: fission

ni to myself to revalidate this with LSNG

Flags: needinfo?(tom)

I can confirm that with LSNG enabled this no longer happens; and in Bug 1599979 we just enabled it on release.

Status: NEW → RESOLVED
Closed: 3 months ago
Depends on: 1599979
Flags: needinfo?(tom)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.