Closed Bug 1500586 Opened 5 years ago Closed 2 years ago

Application Cache can be poisoned via POfflineCacheUpdate by a Rogue Content Process

Categories

(Core :: DOM: Core & HTML, enhancement, P3)

enhancement

Tracking

()

RESOLVED INACTIVE
Fission Milestone Future

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

In PContent, POfflineCacheUpdate allows a content process to supply URIs and a principal for an offline application cache update. It seems like a rogue content process could forge the principal and possible the URIs and inject another origin's Application Cache.  

We should validate the principal and origin of the originating Content Process and ensure they are valid values.
Priority: -- → P3
Component: DOM → DOM: Core & HTML

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future
Depends on: 1619673

Appcache was removed.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.