Closed
Bug 1612061
Opened 5 years ago
Closed 4 years ago
Audit DocumentChannel for cross-origin network leaks we can avoid
Categories
(Core :: Networking, task, P3)
Core
Networking
Tracking
()
RESOLVED
FIXED
| Fission Milestone | M8 |
People
(Reporter: tjr, Assigned: tjr)
References
(Blocks 2 open bugs)
Details
(Keywords: sec-audit, Whiteboard: [necko-triaged][sp3])
After DocumentChannel completes and removes itself in favor of a real channel (HttpChannelChild probably), there may be data accessible from that real channel that we don't need to expose to the content process. (e.g. referer, original uri)
|
||
Updated•5 years ago
|
Priority: -- → P3
Whiteboard: [necko-triaged]
|
||
Comment 1•5 years ago
|
||
Does this DocumentChannel bug need to block shipping Fission MVP?
Fission Milestone: --- → ?
|
||
Comment 2•5 years ago
|
||
We should do this sometime in M7 but should not block Nightly
Fission Milestone: ? → M7
|
|
||
Comment 4•4 years ago
|
||
This doesn't necessarily block Fission MVP but we can revisit this later to prioritize appropriately.
Fission Milestone: M7 → MVP
|
|
||
Updated•4 years ago
|
Assignee: nobody → tom
Status: NEW → ASSIGNED
Fission Milestone: MVP → M8
|
Assignee | |
Comment 5•4 years ago
|
||
At this point I think we can consider this done.
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
|
||
Updated•2 years ago
|
Whiteboard: [necko-triaged] → [necko-triaged][sp3]
|
||
Updated•2 years ago
|
See Also: → https://mozilla-hub.atlassian.net/browse/SP3-81
You need to log in
before you can comment on or make changes to this bug.
Description
•