Open Bug 1495887 Opened 6 years ago Updated 2 years ago

PDNSRequest can be constructed with a fraudulent Origin Attributes

Tracking

()

Status:

NEW

Project Flags:

Fission Milestone

Future

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Tom Ritter [:tjr] (OOTO until 4/30 at least)

Reporter

Description

•

6 years ago

In PNecko, the PDNSRequest actor can be constructed with fraudulent origin attributes by a rogue content process. The origin attributes should be checked to ensure it is a valid value based on the Content Process the message is received from.

The impact of this is decidedly low: a rogue content process can cause DNS responses to be cached for other origins, the private browsing mode, or other containers.

Daniel Stenberg [:bagder]

Updated

•

6 years ago

Whiteboard: [necko-triaged]

Chris Peterson [:cpeterson]

Comment 1

•

4 years ago

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

PDNSRequest can be constructed with a fraudulent Origin Attributes

Categories

(Core :: Networking: DNS, enhancement, P3)

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Updated