Open Bug 1950666 Opened 8 months ago Updated 3 months ago

[meta] Enforce a strict CSP for all chrome documents

Tracking

()

Status:

NEW

People

(Reporter: tschuster, Unassigned)

References

(Depends on 5 open bugs, Blocks 1 open bug)

Details

(Keywords: meta, Whiteboard: [domsecurity-meta])

Tom Schuster (MoCo)

Reporter

Description

•

8 months ago

As part of the dependencies for Bug 1935985 we already introduced a lot of strict CSPs for our chrome documents. However the original goal was mostly targeted at preventing unwanted script execution. This bug is for blocking/preventing other kinds of loads, especially style, images etc., which are less dangerous, but should still be prevented.

Tom Schuster (MoCo)

Reporter

Updated

•

8 months ago

Depends on: 1950668

Tom Schuster (MoCo)

Reporter

Updated

•

8 months ago

Depends on: 1950673

Tom Schuster (MoCo)

Reporter

Updated

•

7 months ago

Depends on: 1955233

Tom Schuster (MoCo)

Reporter

Updated

•

7 months ago

Depends on: 1955203

Tom Schuster (MoCo)

Reporter

Updated

•

6 months ago

Blocks: harden-security-landscape-firefox

Daniel Veditz [:dveditz] out until Nov 10

Updated

•

6 months ago

Severity: -- → N/A

Whiteboard: [domsecurity-meta]

Tom Schuster (MoCo)

Reporter

Updated

•

5 months ago

Depends on: 1966120

You need to log in before you can comment on or make changes to this bug.

Bugzilla

[meta] Enforce a strict CSP for all chrome documents

Categories

(Core :: DOM: Security, task)

Tracking

()

People

(Reporter: tschuster, Unassigned)

References

(Depends on 5 open bugs, Blocks 1 open bug)

Details

(Keywords: meta, Whiteboard: [domsecurity-meta])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated

Updated

Updated