Open Bug 1782336 Opened 2 years ago Updated 2 years ago

Use AppContainer (Low Box token) to remove network access in the sandbox

Categories

(Core :: Security: Process Sandboxing, enhancement, P3)

Unspecified
Windows
enhancement

UNCONFIRMED

People

(Reporter: Tom25519, Unassigned)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0

Steps to reproduce:

https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-for-legacy-applications-

The AppContainer environment is a restrictive process execution environment that can be used for legacy applications to provide resource security. An application running in an AppContainer can only access resources specifically granted to it. As a result, applications implemented in an AppContainer cannot be hacked to allow malicious actions outside of the limited assigned resources.

Expected results:

I think Firefox could use it to enhance the sandbox.

The Bugbug bot thinks this bug should belong to the 'Core::Security: Process Sandboxing' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Security: Process Sandboxing
Product: Firefox → Core

I know LPAC (low privileged app container) is on our radar but I'm not 100% sure that's the same thing.

We can roadmap this but USER_LOCKDOWN/USER_RESTRICTED are probably more important.

Severity: -- → S3
Priority: -- → P3
OS: Unspecified → Windows
Summary: Using AppContainer to enhance firefox sandbox → Use AppContainer (Low Box token) to further sandboxed processes
Version: Firefox 103 → Trunk
Summary: Use AppContainer (Low Box token) to further sandboxed processes → Use AppContainer (Low Box token) to remove network access in the sandbox
See Also: → 1783669