Open
Bug 1501010
Opened 6 years ago
Updated 2 years ago
The RemovePermission, DisableNotifications IPC methods accepts a principal; which could be forged by a Rogue Content Process
Categories
(Core :: DOM: Push Subscriptions, enhancement, P3)
Core
DOM: Push Subscriptions
Tracking
()
NEW
| Fission Milestone | Future |
People
(Reporter: tjr, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog3])
This would allow a rogue content process to remove permissions from other origins. We should validate that the principal aligns with the origins the content process is hosting.
|
Reporter | |
Comment 1•6 years ago
|
||
This also applies to PContent::RemovePermission
Summary: The DisableNotifications IPC method accepts a principal; which could be forged by a Rogue Content Process → The RemovePermission, DisableNotifications IPC methods accepts a principal; which could be forged by a Rogue Content Process
|
||
Comment 2•6 years ago
|
||
I'm not sure Permissions is "DOM: Security". Wouldn't it be "Permission Manager"?
Flags: needinfo?(tom)
Whiteboard: [domsecurity-backlog3]
|
|
||
Updated•6 years ago
|
Priority: P5 → P3
|
|
Reporter | |
Comment 3•6 years ago
|
||
Just a guess, I'll let Johann decide?
Flags: needinfo?(tom) → needinfo?(jhofmann)
|
||
Comment 4•6 years ago
|
||
Yeah, it's not technically part of the permission manager but I think we can cast a bit broader net in that component (it's a quiet component). Sounds like a P3 to me, any disagreements?
Component: DOM: Security → Permission Manager
Flags: needinfo?(jhofmann)
|
|
Reporter | |
Comment 5•6 years ago
|
||
Nope, I think that's what I filed it as.
|
|
||
Comment 6•6 years ago
|
||
Actually looking at it a bit more closely I think this is better placed in DOM Notifications.
Component: Permission Manager → DOM: Push Notifications
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•