Open Bug 1501072 Opened 6 years ago Updated 2 years ago

PContentPermissionRequest can be forged by a Rogue Content Process

Tracking

()

Status:

NEW

Project Flags:

Fission Milestone

Future

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog2])

Tom Ritter [:tjr] (OOTO until 4/30 at least)

Reporter

Description

•

6 years ago

PContent::PContentPermissionRequest accepts a principal from the content process and uses it to request and store permissions. A rogue content process could supply a fraudulent principal and potentially trick the user into granting access for a different domain.  

Alternately, I believe the Content Process could supply a principal the user has granted persistent access to and thus bypass the permission check.

We should validate the principal supplies is valid for the origins the content process is hosting.

Daniel Veditz [:dveditz]

Updated

•

6 years ago

Priority: -- → P3

Whiteboard: [domsecurity-backlog2]

Chris Peterson [:cpeterson]

Comment 1

•

4 years ago

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

PContentPermissionRequest can be forged by a Rogue Content Process

Categories

(Core :: DOM: Security, enhancement, P3)

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog2])

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Updated