1505832 - (fission-site-sandbox) [meta] Fission Site Sandboxing Improvements

Status: NEW

(Core :: Security: Process Sandboxing, task)

Description

[Tom Ritter [:tjr] (OOTO until 9/2)]

This bug is a meta for ensuring that a compromise of evil.com's process cannot allow them to learn data about any other origin or perform actions they are not entitled to do.

It encompasses the very large fission-ipc component, but there are additional bugs that block this that are not strictly about origin checks in IPC methods.

Comment 1

[Chris Peterson [:cpeterson]]

Fission Future because Nika says this doesn't block shipping Fission MVP.

Comment 2

[demiobenour]

This should also be parity-edge because Edge is based on Chromium now.

Comment 3

[Gian-Carlo Pascutto [:gcp]]

Changing the title to reflect that we have Fission Site Sandboxing, but like all software it's not bug free.

We think the remaining cases here are not concerning enough to be worthy of our (immediate!) attention. But we're keeping this metabug open in case someone finds something serious, so they can be centrally linked.

We consider it security vulnerability if a compromised renderer can do bad things to other sites, and we would consider it for a bug bounty if it's especially bad. If it's stealing browser history or impersonating a Clear-Site-Data request or something like that - it's not a priority, but we'd still link it here to keep track of everything we know we can improve.