Open Bug 810610 Opened 7 years ago Updated 2 years ago
Fix security problems with TabParent::RecvPIndexedDBConstructor
We now have two security problems documented in TabParent::RecvPIndexedDBConstructor. One of them doesn't apply to any configuration we ship, so it's not a big deal. I don't know about the other one (the XXXbent below).

See TabParent::RecvPIndexedDBConstructor:

  // XXXbent Need to make sure we have a whitelist for chrome databases!

and

  // Verify that the child is requesting to access a database it's allowed to
  // see. (aASCIIOrigin here specifies a TabContext + a website origin, and
  // we're checking that the TabContext may access it.)
  //
  // We have to check IsBrowserOrApp() because TabContextMayAccessOrigin will
  // fail if we're not a browser-or-app, since aASCIIOrigin will be a plain URI,
  // but TabContextMayAccessOrigin will construct an extended origin using
  // app-id 0. Note that as written below, we allow a non browser-or-app child
  // to read any database. That's a security hole, but we don't ship a
  // configuration which creates non browser-or-app children, so it's not a big
  // deal.
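The check described in comment 0, reduced to a small model (an added example, not part of the bug and not Gecko source). The struct, the function names, the "<appId>+<t|f>+<origin>" encoding and the sample origins are assumptions made for illustration; the fail-closed variant is one possible hardening, not the fix adopted in the bug.

```cpp
// Added illustration: a simplified model, not Gecko source. All names are hypothetical.
#include <iostream>
#include <string>

struct TabContext {
    bool isBrowserOrApp;    // stands in for IsBrowserOrApp()
    unsigned appId;         // 0 for a child that is not a browser-or-app
    bool isBrowserElement;
};

// Assumed encoding for this model: "<appId>+<t|f>+<plain origin>".
static std::string ExtendedPrefix(const TabContext& ctx) {
    return std::to_string(ctx.appId) + (ctx.isBrowserElement ? "+t+" : "+f+");
}

// Stand-in for TabContextMayAccessOrigin: the requested origin must carry
// the prefix built from the context that is asking for it.
static bool ContextMayAccessOrigin(const TabContext& ctx, const std::string& origin) {
    const std::string prefix = ExtendedPrefix(ctx);
    return origin.size() > prefix.size() && origin.compare(0, prefix.size(), prefix) == 0;
}

// Shape described in comment 0: the origin check runs only for browser-or-app
// children, so any other child falls through to "allowed".
bool AllowAsWritten(const TabContext& ctx, const std::string& origin) {
    if (ctx.isBrowserOrApp && !ContextMayAccessOrigin(ctx, origin)) {
        return false;
    }
    return true;
}

// Fail-closed variant (an assumption, not the fix adopted in the bug):
// a child the check cannot reason about is rejected instead of waved through.
bool AllowFailClosed(const TabContext& ctx, const std::string& origin) {
    if (!ctx.isBrowserOrApp) {
        return false;
    }
    return ContextMayAccessOrigin(ctx, origin);
}

int main() {
    const TabContext app{true, 7, false};      // constructed sample contexts
    const TabContext other{false, 0, false};
    std::cout << AllowAsWritten(app, "9+f+http://b.example") << ' '
              << AllowAsWritten(other, "http://b.example") << ' '
              << AllowFailClosed(other, "http://b.example") << '\n';
    return 0;
}
```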
(In reply to Justin Lebar [:jlebar] from comment #0)
> // XXXbent Need to make sure we have a whitelist for chrome databases!

We already took care of this with bug 805354, I just forgot to remove the comment :(