Open Bug 1495835 Opened 6 years ago Updated 2 years ago

PBroadcastChannel can be constructed by a Rogue Content Process with a fraudulent origin

Categories

(Core :: DOM: Core & HTML, enhancement, P3)

Tracking

Fission Milestone Future

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

In PBackground.ipdl, PBroadcastChannel accepts a principal and an origin, and uses them to construct an actor which contains the origin as the lookup key.

It uses a CheckPrincipalRunnable to verify that the principal supplied matches the origin specified, but a rogue content process could supply a fraudulent principal to match the fraudulent origin to pass the check. After this, the content process could receive or send broadcast messages for other origins.

The supplied principal should be checked to ensure that the supplied data is valid for this content process.
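
An added illustration of the gap described above, not Gecko code and not part of the original report: a simplified model that contrasts a check comparing only the two child-supplied values with one that also binds the claim to the sending process. `ChannelRequest`, `ParentRegistry`, `Grant`, `ConsistencyCheck`, `BoundCheck` and the per-process origin table are hypothetical names and assumptions, and the origins are constructed sample values.

```cpp
// Simplified model of the validation gap. NOT Gecko code; all names are hypothetical.
#include <cstdio>
#include <map>
#include <set>
#include <string>

// Constructor arguments as sent by a content process. Both fields are child-controlled.
struct ChannelRequest {
  std::string principalOrigin;  // origin carried by the supplied principal
  std::string origin;           // origin used as the channel lookup key
};

// Parent-side record of which origins each content process was given to host (assumed state).
class ParentRegistry {
 public:
  void Grant(int pid, const std::string& origin) { mAllowed[pid].insert(origin); }

  // Consistency only: compares two values that both come from the same child.
  static bool ConsistencyCheck(const ChannelRequest& r) {
    return r.principalOrigin == r.origin;
  }

  // Consistency plus binding: the claimed origin must match parent-held state for this pid.
  bool BoundCheck(int pid, const ChannelRequest& r) const {
    if (!ConsistencyCheck(r)) return false;
    auto it = mAllowed.find(pid);
    return it != mAllowed.end() && it->second.count(r.principalOrigin) > 0;
  }

 private:
  std::map<int, std::set<std::string>> mAllowed;
};

// Constructed scenario: process 1 hosts a.example, process 2 hosts b.example.
ParentRegistry MakeSampleRegistry() {
  ParentRegistry reg;
  reg.Grant(1, "https://a.example");
  reg.Grant(2, "https://b.example");
  return reg;
}

int main() {
  ParentRegistry reg = MakeSampleRegistry();
  ChannelRequest forged{"https://b.example", "https://b.example"};  // sent by process 1
  std::printf("consistency only: %d\n", ParentRegistry::ConsistencyCheck(forged));
  std::printf("bound to process 1: %d\n", reg.BoundCheck(1, forged));
  return 0;
}
```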
Priority: -- → P3
Component: DOM → DOM: Core & HTML

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future
Severity: normal → S3