Closed Bug 1500549 Opened Last year Closed Last year
TRR Blacklist does not respect Origin
The TRR Blacklist storage item stores results using a hashkey that is based only on the domain. (It respects private browsing by using two different stores). https://searchfox.org/mozilla-central/rev/9cb3e241502a2d47e2d5057ca771324a446b6695/netwerk/dns/TRRService.h#86 An attacker could correlate a user (who had TRR enabled) across containers (or first party isolation) by using DNS response tricks. The hashkey that is used to store and look up entries in the blacklist should be based off the full OriginAttributes struct, rather than simply the domain.
Assignee: nobody → daniel
Priority: -- → P2
Whiteboard: [userContextId] → [userContextId][trr][necko-triaged]
Pushed by email@example.com: https://hg.mozilla.org/integration/autoland/rev/1c9f10e217d1 make TRR Blacklist use originSuffix r=valentin
You need to log in before you can comment on or make changes to this bug.