Open Bug 1554277 Opened 6 years ago Updated 2 years ago

Check process source for messages in GeckoView

Categories

(GeckoView :: Extensions, task, P3)

Product:
GeckoView
Component:
Extensions
Platform:
Unspecified
All
Type:
task

Tracking

(firefox68 affected, firefox69 affected)

Tracking Flags:
Tracking Status
firefox68 --- affected
firefox69 --- affected

People

(Reporter: agi, Unassigned)

References

(Blocks 1 open bug)

Details

I'm filing this because I don't want to forget about it. This might turn into a meta bug.

Right now GeckoView's java layer seems to accept messages from all processes indiscriminately.

E.g. there doesn't seem to be a way for GeckoView to enforce that GeckoView:MediaPermission comes from the main process and not from a compromised content process.

This is even more important with multiple content processes and fission, as we should enforce that we receive messages only from GeckoSession instances that are running on a given content process.

In Gecko this is done by checking the messageManager instance, see here https://searchfox.org/mozilla-central/rev/4606c7974a68cab416c038acaedcae49eed93822/toolkit/components/extensions/ExtensionParent.jsm#370

Summary: Expose process source for messages in GeckoView → Check process source for messages in GeckoView

P3 because we only have one content process today, though it sounds like this is still an issue now when processing messages sent from the main process to itself?

E.g. there doesn't seem to be a way for GeckoView to enforce that GeckoView:MediaPermission comes from the main process and not from a compromised content process.

status-firefox68: --- → affected
status-firefox69: --- → affected
Priority: -- → P3
Blocks: webext-geckoview
No longer blocks: 1511077

Mass moving bugs to the Extension component.

Component: General → Extensions
Severity: normal → S3

Tasks should have severity N/A.

Severity: S3 → N/A
You need to log in before you can comment on or make changes to this bug.