Closed Bug 1735746 Opened 3 years ago Closed 3 years ago

Block external protocol handler with sandbox.

Categories

(Core :: DOM: Security, enhancement, P3)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
101 Branch
Tracking Flags:
Tracking Status
firefox101 --- fixed

People

(Reporter: arthursonzogni, Assigned: pbz)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog3])

Attachments

(4 files)

Bug 1735746 - Block external protocol navigation from sandboxed contexts. r=nika!,ckerschb!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1735746 - Add a pref and limit external protocol sandbox blocking to Nightly. r=ckerschb!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1735746 - Log an error message to the web console for blocked external protocol navigation from sandbox. r=ckerschb!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1735746 - External protocol navigation sandbox tests. r=nika,ckerschb
48 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36

Steps to reproduce:

Implementation bug about a new specification:
spec: https://github.com/whatwg/html/pull/7124#pullrequestreview-778826909
whatwg/html bug: https://github.com/whatwg/html/issues/2191

Developers are surprised that sandboxed iframe can navigate and/or
redirect the user toward an external application.

General iframe navigation in the sandboxed iframe are not blocked
normally, because they stay within the iframe. However they can be seen
as a popup or a top-level navigation when it opens an external
application. In this case, it makes sense to extend the scope of sandbox
flags, and block malvertisers.

This feature gates access to external protocol from sandboxed iframe behind any of:

  • allow-popup
  • allow-top-level-navigation
  • allow-top-level-navigation-by-user-activation + UserGesture.
Status: UNCONFIRMED → NEW
Component: DOM: Navigation → DOM: Security
Ever confirmed: true

This is a real issue on mobile for app intents, too. If, as a site author, I sandbox untrusted content and don't give it permission to navigate me away, I also don't want it popping up some other app or the play store on top of me. Of course, advertising-supported sites will want to be able to grant that permission.

Severity: -- → N/A
Priority: -- → P3
Whiteboard: [domsecurity-backlog3]
Assignee: nobody → pbz
Status: NEW → ASSIGNED
Blocks: 1762420
Pushed by pzuhlcke@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/49f2e283115d Block external protocol navigation from sandboxed contexts. r=nika,ckerschb,Gijs,smaug https://hg.mozilla.org/integration/autoland/rev/9968278b9efe Add a pref and limit external protocol sandbox blocking to Nightly. r=ckerschb,farre https://hg.mozilla.org/integration/autoland/rev/3b06ed08d93b Log an error message to the web console for blocked external protocol navigation from sandbox. r=ckerschb https://hg.mozilla.org/integration/autoland/rev/703dfd92c775 External protocol navigation sandbox tests. r=nika
Pushed by pzuhlcke@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/ce3b938dce61 Block external protocol navigation from sandboxed contexts. r=nika,ckerschb,Gijs,smaug https://hg.mozilla.org/integration/autoland/rev/853b1951f8f8 Add a pref and limit external protocol sandbox blocking to Nightly. r=ckerschb,farre https://hg.mozilla.org/integration/autoland/rev/2b26f37436f9 Log an error message to the web console for blocked external protocol navigation from sandbox. r=ckerschb https://hg.mozilla.org/integration/autoland/rev/88761b7441ee External protocol navigation sandbox tests. r=nika
Regressions: 1765548
Regressions: 1765650
Flags: needinfo?(pbz)
Blocks: 1766828
Regressions: 1767277
No longer regressions: 1767277
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: