Closed
Bug 1500586
Opened 6 years ago
Closed 3 years ago
Application Cache can be poisoned via POfflineCacheUpdate by a Rogue Content Process
Categories
(Core :: DOM: Core & HTML, enhancement, P3)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
INACTIVE
Fission Milestone | Future |
People
(Reporter: tjr, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
In PContent, POfflineCacheUpdate allows a content process to supply URIs and a principal for an offline application cache update. It seems like a rogue content process could forge the principal and possible the URIs and inject another origin's Application Cache. We should validate the principal and origin of the originating Content Process and ensure they are valid values.
Updated•6 years ago
|
Priority: -- → P3
Assignee | ||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
Comment 2•3 years ago
|
||
Appcache was removed.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INACTIVE
You need to log in
before you can comment on or make changes to this bug.
Description
•