Closed Bug 1577284 Opened 2 years ago Closed 2 years ago

Refactor out a data: ChromeUtils.import

Categories

(Core :: DOM: Security, task, P2)

task

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox-esr60 --- wontfix
firefox-esr68 --- wontfix
firefox69 --- wontfix
firefox70 --- wontfix
firefox71 --- fixed

People

(Reporter: tjr, Assigned: tjr)

Details

(Keywords: sec-want, Whiteboard: [domsecurity-active][post-critsmash-triage][adv-main71-])

Attachments

(1 file)

https://searchfox.org/mozilla-central/rev/325c1a707819602feff736f129cb36055ba6d94f/toolkit/mozapps/extensions/AddonManager.jsm#90 uses a data: uri to perform a ChromeUtils.import()

We need to refactor this to avoid using a data: uri to accomplish this task so we can prevent loading JS from data: uris entirely.

Group: core-security → dom-core-security
Type: enhancement → task
Keywords: sec-want
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]
Group: dom-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Flags: qe-verify-
Whiteboard: [domsecurity-active] → [domsecurity-active][post-critsmash-triage]
Whiteboard: [domsecurity-active][post-critsmash-triage] → [domsecurity-active][post-critsmash-triage][adv-main71-]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.