Closed
Bug 1590068
Opened 5 years ago
Closed 2 years ago
Land fuzzing target for StructuredCloneData
Categories
(Core :: DOM: Content Processes, enhancement, P2)
Tracking
()
RESOLVED
FIXED
97 Branch
People
(Reporter: decoder, Assigned: decoder)
References
Details
(Keywords: sec-want, Whiteboard: [post-critsmash-triage][adv-main97-])
Attachments
(1 file)
We are currently testing StructuredCloneReader in the JS engine, but it is also used outside of JS for IPC via StructuredCloneData. Bugs in the deserialization can result in exploitable sandbox escapes and/or parent crashes.
This bug is about adding a fuzzing target for StructuredCloneData outside of JS.
|
||
Updated•5 years ago
|
Component: IPC → DOM: Content Processes
|
||
Updated•4 years ago
|
Priority: -- → P2
|
Assignee | |
Comment 1•3 years ago
|
||
|
||
Comment 2•2 years ago
•
|
||
Add fuzzing target for StructuredCloneData. r=baku,sfink
https://hg.mozilla.org/integration/autoland/rev/a2943d14c1ab21c30919ef59b056b84a812be565
https://hg.mozilla.org/mozilla-central/rev/a2943d14c1ab
Fix lint failure r=fix
https://hg.mozilla.org/integration/autoland/rev/ccd7088395f4418e5be79e67c049929f9bbecb7b
https://hg.mozilla.org/mozilla-central/rev/ccd7088395f4
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox97:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 97 Branch
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
|
||
Updated•2 years ago
|
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main97-]
|
||
Updated•2 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•