Closed Bug 1607483 Opened 4 years ago Closed 4 years ago

Disallow loading http(s) scripts into system privileged contexts

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla74

Tracking Flags:

Tracking

Status

firefox74

---

fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

Bug 1607483: Disallow loading http(s) scripts into system privileged contexts. r=tjr 4 years ago Christoph Kerschbaumer [:ckerschb] 47 bytes, text/x-phabricator-request		Details \| Review

Christoph Kerschbaumer [:ckerschb]

Assignee

Description

•

4 years ago

We stopped loading remote documents/frames into system privileged contexts within Bug 1513445. I think we should enforce the same restrictions for scripts.

Christoph Kerschbaumer [:ckerschb]

Assignee

Comment 1

•

4 years ago

Attached file Bug 1607483: Disallow loading http(s) scripts into system privileged contexts. r=tjr — Details

Christoph Kerschbaumer [:ckerschb]

Assignee

Updated

•

4 years ago

Whiteboard: [domsecurity-active]

Christoph Kerschbaumer [:ckerschb]

Assignee

Updated

•

4 years ago

Blocks: 1607673

Christoph Kerschbaumer [:ckerschb]

Assignee

Updated

•

4 years ago

Type: defect → enhancement

Pulsebot

Comment 2

•

4 years ago

Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3d924e2a2e54
Disallow loading http(s) scripts into system privileged contexts. r=tjr

Narcis Beleuzu [:NarcisB]

Comment 3

•

4 years ago

Backed out for assertion failures on nsContentSecurityManager.cpp

Backout link: https://hg.mozilla.org/integration/autoland/rev/ffe0bfc6e195cbcc2bf46aece0a53ba65b23e3b6
Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=284891245&repo=autoland&lineNumber=22087

Flags: needinfo?(ckerschb)

Christoph Kerschbaumer [:ckerschb]

Assignee

Comment 4

•

4 years ago

Backout link: https://hg.mozilla.org/integration/autoland/rev/ffe0bfc6e195cbcc2bf46aece0a53ba65b23e3b6
Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=284891245&repo=autoland&lineNumber=22087

Hah, seems we are loading remote scripts in system land - I'll take a look again - thanks!

Flags: needinfo?(ckerschb)

Pulsebot

Comment 5

•

4 years ago

Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/caa23b535218
Disallow loading http(s) scripts into system privileged contexts. r=tjr

Narcis Beleuzu [:NarcisB]

Comment 6

•

4 years ago

Backed out for mochitest failures on test_input.html

Backout link: https://hg.mozilla.org/integration/autoland/rev/baba8b317e929f783d0675a90a448f77ef09274e
Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=285354421&repo=autoland&lineNumber=45229

Flags: needinfo?(ckerschb)

Christoph Kerschbaumer [:ckerschb]

Assignee

Comment 7

•

4 years ago

rrh - I'll take a look - thanks!

Flags: needinfo?(ckerschb)

Pulsebot

Comment 8

•

4 years ago

Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ba715e09512d
Disallow loading http(s) scripts into system privileged contexts. r=tjr

Bogdan Tara[:bogdan_tara | bogdant]

Comment 9

•

4 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/ba715e09512d

Status: ASSIGNED → RESOLVED

Closed: 4 years ago

status-firefox74: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla74

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Disallow loading http(s) scripts into system privileged contexts

Categories

(Core :: DOM: Security, enhancement, P1)

Tracking

()

People

(Reporter: ckerschb, Assigned: ckerschb)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Updated

Updated

Comment 2

Comment 3

Comment 4

Comment 5

Comment 6

Comment 7

Comment 8

Comment 9

Attachment

General

Description

File Name

Content Type