Closed Bug 1500586 Opened 5 years ago Closed 3 years ago
Application Cache can be poisoned via POffline
Cache Update by a Rogue Content Process
In PContent, POfflineCacheUpdate allows a content process to supply URIs and a principal for an offline application cache update. It seems like a rogue content process could forge the principal and possible the URIs and inject another origin's Application Cache. We should validate the principal and origin of the originating Content Process and ensure they are valid values.
Component: DOM → DOM: Core & HTML
Fission Milestone: --- → Future
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.