Closed Bug 1607483 Opened 5 years ago Closed 5 years ago

Disallow loading http(s) scripts into system privileged contexts

Categories

(Core :: DOM: Security, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
mozilla74
Tracking Status
firefox74 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

We stopped loading remote documents/frames into system privileged contexts within Bug 1513445. I think we should enforce the same restrictions for scripts.

Whiteboard: [domsecurity-active]
Blocks: 1607673
Type: defect → enhancement
Pushed by cbrindusan@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3d924e2a2e54 Disallow loading http(s) scripts into system privileged contexts. r=tjr
Flags: needinfo?(ckerschb)
Pushed by cbrindusan@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/caa23b535218 Disallow loading http(s) scripts into system privileged contexts. r=tjr

rrh - I'll take a look - thanks!

Flags: needinfo?(ckerschb)
Pushed by cbrindusan@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/ba715e09512d Disallow loading http(s) scripts into system privileged contexts. r=tjr
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla74
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: