Open
Bug 529345
Opened 15 years ago
Updated 3 years ago
need to ensure that updateIntervals are not negative
Categories
(Firefox :: Search, defect, P5)
Firefox
Search
Tracking
()
NEW
People
(Reporter: Gavin, Unassigned)
Details
(Whiteboard: [fxsearch])
We currently don't do much validation on updateInterval. AFAICT, someone can specify an updateInterval of -1, which will make us search for updates every six hours (every time our update timer fires). Marking security sensitive for now, but this probably isn't _that_ big of a deal...
|
||
Comment 1•15 years ago
|
||
There are updateIntervals in many different parts of the source tree. http://mxr.mozilla.org/mozilla-central/search?string=updateInterval Did you have any particular one(s) in mind?
|
Reporter | |
Comment 2•15 years ago
|
||
This bug is about the Firefox search service. That's why I filed it in Firefox :: Search.
|
||
Comment 3•15 years ago
|
||
Since 1 day is a valid setting this is only 4 times more often. how is that a security problem?
Whiteboard: [sg:needinfo] what's the security risk?
|
|
Reporter | |
Comment 4•15 years ago
|
||
You're right, it's not really. Still something we should fix though, I think.
Group: core-security
|
|
||
Updated•15 years ago
|
Whiteboard: [sg:needinfo] what's the security risk?
|
||
Updated•9 years ago
|
Priority: -- → P4
Whiteboard: [fxsearch]
|
||
Updated•9 years ago
|
Rank: 45
|
||
Updated•3 years ago
|
Severity: normal → S4
Rank: 45
Priority: P4 → P5
You need to log in
before you can comment on or make changes to this bug.
Description
•