Closed
Bug 1590068
Opened 5 years ago
Closed 2 years ago
Land fuzzing target for StructuredCloneData
Categories
(Core :: DOM: Content Processes, enhancement, P2)
Tracking
()
RESOLVED
FIXED
97 Branch
People
(Reporter: decoder, Assigned: decoder)
References
Details
(Keywords: sec-want, Whiteboard: [post-critsmash-triage][adv-main97-])
Attachments
(1 file)
We are currently testing StructuredCloneReader in the JS engine, but it is also used outside of JS for IPC via StructuredCloneData. Bugs in the deserialization can result in exploitable sandbox escapes and/or parent crashes.
This bug is about adding a fuzzing target for StructuredCloneData outside of JS.
Updated•5 years ago
Component: IPC → DOM: Content Processes
Updated•4 years ago
Priority: -- → P2
Assignee
Comment 1•3 years ago
Comment 2•2 years ago
Add fuzzing target for StructuredCloneData. r=baku,sfink
https://hg.mozilla.org/integration/autoland/rev/a2943d14c1ab21c30919ef59b056b84a812be565
https://hg.mozilla.org/mozilla-central/rev/a2943d14c1ab
Fix lint failure r=fix
https://hg.mozilla.org/integration/autoland/rev/ccd7088395f4418e5be79e67c049929f9bbecb7b
https://hg.mozilla.org/mozilla-central/rev/ccd7088395f4
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox97:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 97 Branch
Updated•2 years ago
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Updated•2 years ago
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main97-]
Updated•2 years ago
Group: core-security-release