nsContentUtils::ShouldResistFingerprinting(*) methods return false if null is passed as param
Categories
(Core :: Security, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox75 | --- | fixed |
People
(Reporter: smaug, Assigned: jens1o)
Details
(Keywords: good-first-bug)
Attachments
(1 file)
It looks worrisome that one might be able to bypass fingerprinting check if one somehow manages to find a code path which passes null as param.
I would expect return value be ShouldResistFingerprinting();
|
||
Comment 1•6 years ago
|
||
I thought for a moment that maybe this was a poorly documented way to say "If we don't have a docshell/document, we're in the system context" but looking at callsites, that seems unlikely... I was less certain about mozilla::dom::Element::SetPointerCapture though.
Still, yes I agree I think they should defer to ShouldResistFingerprinting()
|
||
Comment 2•6 years ago
|
||
The priority flag is not set for this bug.
:wleung, could you have a look please?
For more information, please visit auto_nag documentation.
|
|
||
Updated•6 years ago
|
|
||
Comment 3•6 years ago
|
||
Hi, could I work on this bug?
|
|
||
Comment 4•6 years ago
|
||
Sorry, I forgot to set the assignee, I'm currently mentoring someone through this bug.
|
|
||
Comment 5•6 years ago
|
||
Actually, if you would like to do this, it is free and you can work on it, yes.
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Comment 7•6 years ago
|
||
|
|
Assignee | |
Comment 8•5 years ago
|
||
hey :smaug, I wonder whether this is ready for landing?
|
Reporter | |
Comment 10•5 years ago
|
||
(it isn't always clear who can land patches.)
|
|
Assignee | |
Comment 11•5 years ago
|
||
At least I cannot do it. If you are unable to do it, I would request a checkin-needed note in Phrabicator. Yet if you're able to (and have the time), I'd appreciate it.
|
|
Reporter | |
Comment 12•5 years ago
|
||
I can do it :)
|
||
Comment 13•5 years ago
|
||
|
||
Comment 14•5 years ago
|
||
| bugherder | ||
Description
•