Open Bug 781028 Opened 12 years ago Updated 2 years ago

Audit passing null URIs in IPC.

Categories

(Core :: DOM: Core & HTML, defect, P5)

People

(Reporter: wchen, Unassigned)

Follow up for https://bugzilla.mozilla.org/show_bug.cgi?id=775377#c6

cjones: we need to audit passing null URIs
cjones: sometimes that means "system principal", which has full privileges
cjones: content shouldn't be able to forge that across process boundaries

It might be better to get a bit more context here.
principal.URI can return null in more situations than the system principal. Indeed, the system principal will return a null URI but so do extended principals and so can regular principals.
OS: Mac OS X → All
Hardware: x86 → All
Version: unspecified → Trunk

Didn't follow that, but maybe we're not on the same page.

We deserialize nsIURI here:

http://mxr.mozilla.org/mozilla-central/source/netwerk/ipc/NeckoMessageUtils.h#86

The code lets null be deserialized.  Is there anywhere that null nsIURI can flow that would cause harm?
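
The concern in the chat excerpt and the deserialization question above, as an added example (not Gecko code and not written by anyone in this bug): a simplified C++ model in which null is a legal wire value for a URI, comparing a consumer that reads null as "system principal" with one that also checks which process sent the message. The one-byte null flag, `URI`, `Sender`, `Principal`, `ReadURI` and both `Resolve*` functions are hypothetical names and assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical model, not Gecko code. Assumed wire format:
// byte 0 = 1 for a null URI, else 0 followed by a length byte and the spec.
enum class Sender { Parent, Content };
enum class Principal { System, Codebase, Rejected };
struct URI { bool isNull = true; std::string spec; };

// As with the deserializer discussed in the thread, null deserializes fine.
bool ReadURI(const std::vector<uint8_t>& msg, URI* out) {
  if (msg.empty()) return false;
  if (msg[0] == 1) { *out = URI(); return msg.size() == 1; }
  if (msg[0] != 0 || msg.size() < 2) return false;
  std::size_t len = msg[1];
  if (len == 0 || msg.size() != 2 + len) return false;  // reject bad lengths
  out->isNull = false;
  out->spec.assign(msg.begin() + 2, msg.end());
  return true;
}

// Pattern an audit looks for: null URI read as "system principal"
// without asking which process sent the message.
Principal ResolveNaive(const URI& uri, Sender) {
  return uri.isNull ? Principal::System : Principal::Codebase;
}

// Audited form in this model: null from a content process never yields System.
Principal ResolveChecked(const URI& uri, Sender from) {
  if (!uri.isNull) return Principal::Codebase;
  return from == Sender::Parent ? Principal::System : Principal::Rejected;
}

int main() {
  const std::vector<uint8_t> nullMsg = {1};  // constructed sample message
  URI uri;
  if (!ReadURI(nullMsg, &uri)) return 1;
  std::printf("naive maps content null to system: %d\n",
              ResolveNaive(uri, Sender::Content) == Principal::System);
  std::printf("checked rejects content null: %d\n",
              ResolveChecked(uri, Sender::Content) == Principal::Rejected);
  return 0;
}
```
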
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven’t been updated in more than 3 years and have no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Component: DOM → DOM: Core & HTML
Severity: normal → S3