Open Bug 1960648 Opened 8 months ago Updated 7 months ago

Limit DetectJSHacks to just general.config.sandbox

Categories

(Firefox :: Security, task)

People

(Reporter: tschuster, Unassigned)

The function nsContentSecurityUtils::DetectJsHacks is supposed to detect users that run with custom userChromeJS modifications. The result of that function is used to weaken certain restrictions about what kind of scripts are allowed to execute.

Currently this function checks four different preferences that can indicate the usage of userChromeJS: xpinstall.signatures.required, general.config.filename, autoadmin.global_config_url and autoadmin.failover_to_cached.

The plan is to change this to general.config.sandbox: false, which must be set when trying to load an AutoConfig without sandboxing. Exclusively for eval (and similar, like new Function) we also have the additional pref security.allow_unsafe_dangerous_privileged_evil_eval introduced in Bug 1958232.
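An added example, not code from Firefox or from this bug: a Python audit that reads the text of a preference file and reports which prefs would trip the current four-pref check and which would trip the planned general.config.sandbox check, so an administrator can see which profiles get a different verdict after the change. The trigger value for each of the four current prefs, and the names `parse_prefs`, `audit` and `SAMPLE`, are assumptions of this example; the bug lists only the pref names.

```python
import re

# Matches pref("name", value); and user_pref("name", value); lines, the forms
# used in prefs.js, user.js and defaults/pref/*.js. Commented lines do not match.
PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

# Assumption: the value that counts as an indicator for each of the four prefs
# named in the bug (the bug gives the names, not the trigger values).
CURRENT = {
    "xpinstall.signatures.required": lambda v: v is False,
    "general.config.filename": lambda v: isinstance(v, str) and v != "",
    "autoadmin.global_config_url": lambda v: isinstance(v, str) and v != "",
    "autoadmin.failover_to_cached": lambda v: v is True,
}
# Planned check as stated in the bug: general.config.sandbox set to false.
PLANNED = {"general.config.sandbox": lambda v: v is False}

# Constructed sample: an AutoConfig bootstrap file that keeps the sandbox on.
SAMPLE = '''// constructed autoconfig bootstrap file
pref("general.config.filename", "config.js");
pref("general.config.obscure_value", 0);
// pref("general.config.sandbox", false);
'''


def parse_prefs(text):
    """Return {name: value} for bool, string and integer literals; last one wins."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
    return prefs


def _hits(table, prefs):
    return sorted(n for n, ok in table.items() if n in prefs and ok(prefs[n]))


def audit(text):
    """Report the prefs that trip each check and whether the verdict differs."""
    prefs = parse_prefs(text)
    current, planned = _hits(CURRENT, prefs), _hits(PLANNED, prefs)
    return {"current": current, "planned": planned,
            "verdict_changes": bool(current) != bool(planned)}
```

A profile with `verdict_changes` set to true is one that the current check flags and the planned check does not, or the reverse.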

Summary: Limit DetectJSHacks to just → Limit DetectJSHacks to just general.config.sandbox
Depends on: 1960652
See Also: → 1968479