Closed Bug 1819156 Opened 2 years ago Closed 2 years ago

WebAuthn transaction IDs should be randomized

Categories

(Core :: DOM: Web Authentication, defect, P3)

RESOLVED FIXED
112 Branch
Tracking Status
firefox112 --- fixed

People

(Reporter: jschanck, Assigned: jschanck)

References

(Blocks 1 open bug)

Attachments

(1 file)

Bug 1696159 notes that a compromised content process can cancel a WebAuthn transaction in another process by guessing its transaction ID. The current implementation of NextID assigns IDs from a (per-process!) counter. So starting a transaction in one tab and then in another results in both transactions having ID 1. I think this is the cause of some intermittent failures in browser_abort_visibility.

Blocks: webauthn
Pushed by jschanck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0a46bbac2b93 Assign WebAuthn transaction IDs randomly. r=keeler
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 112 Branch
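
The collision described in the report, modelled as an added example (not Firefox's code): two content processes each number their transactions from a private counter, and a parent cancels by ID alone. `Parent`, `CounterIds` and `RandomIds` are hypothetical names, and `std::random_device` is an assumed stand-in for a platform CSPRNG.

```cpp
#include <cstdint>
#include <random>
#include <unordered_map>

// Hypothetical parent-side registry: pending transactions keyed by ID only.
struct Parent {
  std::unordered_map<uint64_t, int> pending;  // transaction ID -> owning tab
  void Begin(uint64_t id, int tab) { pending[id] = tab; }
  // Cancel trusts the ID alone, so any process that knows it can cancel.
  bool Cancel(uint64_t id) { return pending.erase(id) == 1; }
};
// Before: every content process counts up from 1 independently.
struct CounterIds {
  uint64_t next = 1;
  uint64_t NextId() { return next++; }
};
// After: IDs drawn from a 64-bit space. std::random_device stands in for
// the platform CSPRNG (assumption; not the call Firefox uses).
struct RandomIds {
  std::random_device rd;
  uint64_t NextId() { return (uint64_t(rd()) << 32) | uint32_t(rd()); }
};
// The first transaction in each of two processes gets the same ID (1).
bool CounterIdsCollide() {
  CounterIds procA, procB;
  return procA.NextId() == procB.NextId();
}
// Process B's own first ID matches, and cancels, process A's transaction.
bool CounterIdCancelsOtherTab() {
  Parent parent;
  CounterIds procA, procB;
  parent.Begin(procA.NextId(), /*tab=*/1);
  return parent.Cancel(procB.NextId());
}
// With a random ID, counter values from another process do not match.
bool CounterIdCancelsRandomTransaction(int tries) {
  Parent parent;
  RandomIds procA;
  CounterIds procB;
  parent.Begin(procA.NextId(), /*tab=*/1);
  for (int i = 0; i < tries; ++i)
    if (parent.Cancel(procB.NextId())) return true;
  return false;
}

int main() {
  return CounterIdCancelsOtherTab() && !CounterIdCancelsRandomTransaction(1000) ? 0 : 1;
}
```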