Open Bug 1882259 Opened 11 months ago Updated 3 months ago

CookieService does not normalize IPv6 hosts

Categories

(Core :: Networking: Cookies, defect, P2)

Firefox 123
defect

Tracking

()

People

(Reporter: leander.schwarz, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: priv-triaged, Whiteboard: [necko-triaged])

Attachments

(1 file)

IPv6 host cookies added through the CookieService are not normalized, leading to IPv6 hosts being able to be stored multiple times in different representations (e.g. "0:0:0:0:0:0:0:1" and "::1").

If added through a HTTP channel they are normalized but brackets (e.g. "[::1]") are added around the host to disambiguate between host and port colons. While necessary for URLs this does not match the principals host representation without brackets.

To be able to store / remove / lookup IPv6 cookies correctly and consistently, the IPv6 cookie host representation should be normalized on every CookieService operation. Since internally hosts with brackets are used in multiple places, brackets should be added for IPv6 hosts as part of the normalization.

There also seems to be an inconsistency between state reported by storage/cache and cookies

Clear the severity since I am moving it to another component.

Severity: S2 → --
Component: DOM: Core & HTML → Networking: Cookies
Priority: P2 → --
Severity: -- → S3
Priority: -- → P2
Whiteboard: [necko-triaged]
Keywords: priv-triaged
Assignee: lschwarz → nobody
Status: ASSIGNED → NEW
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: