Security Error: Content at about: may not load or link to {xxx}.

RESOLVED FIXED

Status

()

Core
Security: CAPS
RESOLVED FIXED
11 years ago
8 years ago

People

(Reporter: glandium, Assigned: glandium)

Tracking

({fixed1.8.1.21})

1.8 Branch
fixed1.8.1.21
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

Trying to modify the about page to make it more useful for debian, I got these security errors when trying to link to file:///, resource:/// and chrome:/// urls from about:.

I understand how loading data may be a security risk, but I fail to see how allowing *links* to file:/// from about: would be a security risk. Note that links to http:// from about: are allowed, and would be a much greater security risk...

Is there a real rationale behind this or is this just a side effect of something else ?

Comment 1

11 years ago
File:/// links are not allowed for security reasons, see <http://kb.mozillazine.org/Links_to_local_pages_don't_work>.

But maybe they should be allowed originating from about: pages, since they can't come from the outside.
Note that if I go to chrome://global/content/about.xhtml and click on the link to a file:/// url, it works.

I guess adding a test on sourceScheme.EqualsLiteral("about") to http://lxr.mozilla.org/mozilla1.8.0/source/caps/src/nsScriptSecurityManager.cpp#1352
and http://lxr.mozilla.org/mozilla1.8.0/source/caps/src/nsScriptSecurityManager.cpp#1378 would be okay.
Created attachment 250174 [details] [diff] [review]
Proposed patch for 1.8 branch

The code is pretty different on the trunk, and I'm only interested on 1.8 right now. Does it look okay to you ?
Attachment #250174 - Flags: review?(jo.hermans)

Comment 4

11 years ago
I'm sorry, but I'm not the person to ask for review. Daniel (dveditz@cruzio.com) is the module owner.
Attachment #250174 - Flags: review?(jo.hermans) → review?(dveditz)
A non-safe about: URI should already be able to link to these. See http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/caps/src/nsScriptSecurityManager.cpp&rev=1.266.2.14&mark=1260-1262#1245

So I guess this only applies to plain "about:" itself, which GetBaseURIScheme thinks is non-safe but isn't actually privileged, and that should make this a safe enough change.

Boris, any thoughts before I OK this?
The proposed patch would allow all about: URIs that are not whitelisted as "safe" to link to file:, chrome:, and resource: URIs, right?

I guess that's ok as long as we're absolutely sure that all about: implementations are either privileged or on this whitelist... the problem is that people can drop in about: implementations.

If what we care is about: itself, why not just compare the URI to about:?  I'd feel much happier with that.

As for trunk, we should do this before the betas of 1.9, I think.  We might need API changes to the new APIs to do it.

All that said, why exactly isn't about: just privileged?  This keeps coming up as an issue, as I recall -- people want to run XPConnectified script in it too...
Mike, is this still a problem on the trunk? If it is, could you supply a new patch based on the trunk?
Assignee: dveditz → mh+mozilla
I have no idea if it still is a problem. I'll give this a try in a little while.
(In reply to comment #8)
> I have no idea if it still is a problem. I'll give this a try in a little
> while.

Any update on this?
Attachment #250174 - Flags: superreview?(mrbkap)
Attachment #250174 - Flags: review?(dveditz) → review+
Comment on attachment 250174 [details] [diff] [review]
Proposed patch for 1.8 branch

r=dveditz

This is not great but OK, if you still need it. It's not going to work on the trunk in the current form. If you really want to land this please replace the tabs with spaces.

Updated

9 years ago
Attachment #250174 - Flags: superreview?(mrbkap) → superreview+
Attachment #250174 - Flags: approval1.8.1.19?
Attachment #250174 - Flags: approval1.8.1.next?
Attachment #250174 - Flags: approval1.8.1.19?
Attachment #250174 - Flags: approval1.8.1.next?
Attachment #250174 - Flags: approval1.8.1.next+
Attachment #250174 - Flags: approval1.8.0.next?
Comment on attachment 250174 [details] [diff] [review]
Proposed patch for 1.8 branch

Approved for 1.8.1.21, a=dveditz for release-drivers.
Reed: Can you please make sure this gets landed on the 1.8 branch.
Keywords: checkin-needed
Whiteboard: [needs checkin on 1.8 branch]
MOZILLA_1_8_BRANCH:

Checking in caps/src/nsScriptSecurityManager.cpp;
/cvsroot/mozilla/caps/src/nsScriptSecurityManager.cpp,v  <--  nsScriptSecurityManager.cpp
new revision: 1.266.2.28; previous revision: 1.266.2.27
done
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Keywords: checkin-needed → fixed1.8.1.21
OS: Linux → All
Hardware: x86 → All
Resolution: --- → FIXED
Whiteboard: [needs checkin on 1.8 branch]
You need to log in before you can comment on or make changes to this bug.