Open
Bug 781028
Opened 12 years ago
Updated 2 years ago
Audit passing null URIs in IPC.
Categories
(Core :: DOM: Core & HTML, defect, P5)
Core
DOM: Core & HTML
Tracking
()
NEW
People
(Reporter: wchen, Unassigned)
Details
Follow up for https://bugzilla.mozilla.org/show_bug.cgi?id=775377#c6 cjones: we need to audit passing null URIs cjones: sometimes that means "system principal", which has full privileges cjones: content shouldn't be able to forge that across process boundaries
Comment 1•12 years ago
|
||
It might be better to get a bit more context here. principal.URI can return null in more situations than the system principal. Indeed, the system principal will return a null URI but so do extended principals and so can regular principals.
OS: Mac OS X → All
Hardware: x86 → All
Version: unspecified → Trunk
Didn't follow that, but maybe we're not on the same page. We deserialize nsIURI here http://mxr.mozilla.org/mozilla-central/source/netwerk/ipc/NeckoMessageUtils.h#86 . The code lets null be deserialized. Is there anywhere that null nsIURI can flow that would cause harm?
Comment 3•6 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•