Closed Bug 1793966 Opened 2 years ago Closed 1 year ago

Enable low privileged application container on MF Media Engine utility process

Categories

(Core :: Security: Process Sandboxing, enhancement, P2)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
All
Windows
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
121 Branch
Tracking Flags:
Tracking Status
firefox121 --- fixed

People

(Reporter: bobowen, Assigned: bobowen)

References

(Blocks 3 open bugs)

Details

Attachments

(1 file)

Bug 1793966: Enable low privileged application container on MF Media Engine utility process. r=handyman!
48 bytes, text/x-phabricator-request
Details | Review

We need to relax other parts of the windows process sandbox for the MF Media Engine.
This is because of the coarse grained approach that many of these security features take, where access required for certain things means a wide range of other unrelated access is also allowed.
To improve this situation and restrengthen the sandbox we want to enable a Low Privileged Application Container. This should allow us to only enable access to a more focussed set of resources.

Depends on: 1793967
Depends on: 1793968
Depends on: 1793969
Depends on: 1793972
Severity: -- → N/A
Priority: -- → P2
Depends on: 1797768
Depends on: 1797769
Depends on: 1815711
Blocks: mfcdm
Group: mozilla-employee-confidential
Pushed by bobowencode@gmail.com: https://hg.mozilla.org/integration/autoland/rev/362c853f3879 Enable low privileged application container on MF Media Engine utility process. r=handyman
Regressions: 1863408

https://hg.mozilla.org/mozilla-central/rev/362c853f3879

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox121: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 121 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: