Open
Bug 810610
Opened 12 years ago
Updated 2 years ago
Fix security problems with TabParent::RecvPIndexedDBConstructor
Categories
(Core :: Storage: IndexedDB, defect, P5)
Tracking
NEW
People
(Reporter: justin.lebar+bug, Unassigned)
We now have two security problems documented in TabParent::RecvPIndexedDBConstructor. One of them doesn't apply to any configuration we ship, so it's not a big deal. I don't know about the other one (the XXXbent below).

See TabParent::RecvPIndexedDBConstructor:

  // XXXbent Need to make sure we have a whitelist for chrome databases!

and

  // Verify that the child is requesting to access a database it's allowed to
  // see. (aASCIIOrigin here specifies a TabContext + a website origin, and
  // we're checking that the TabContext may access it.)
  //
  // We have to check IsBrowserOrApp() because TabContextMayAccessOrigin will
  // fail if we're not a browser-or-app, since aASCIIOrigin will be a plain URI,
  // but TabContextMayAccessOrigin will construct an extended origin using
  // app-id 0. Note that as written below, we allow a non browser-or-app child
  // to read any database. That's a security hole, but we don't ship a
  // configuration which creates non browser-or-app children, so it's not a big
  // deal.
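The guard described in the comment above, as an added illustration that is not code from this bug or from Gecko: a simplified C++ model showing why skipping the check for non browser-or-app children fails open. The TabContext struct, the "appId+origin" string format, the sample origins and the AllowFailClosed alternative are all assumptions made for the example.

```cpp
#include <string>

// Simplified model for illustration; not Gecko code. The struct, the
// "appId+origin" extended-origin format and all values are assumptions.
struct TabContext {
  bool browserOrApp;
  unsigned appId;  // 0 when the tab belongs to no app
  bool IsBrowserOrApp() const { return browserOrApp; }
};

// Model of the check: rebuild the extended origin this context may use
// and compare it with the one the child sent.
bool TabContextMayAccessOrigin(const TabContext& ctx,
                               const std::string& requested) {
  std::string::size_type plus = requested.find('+');
  std::string site =
      (plus == std::string::npos) ? requested : requested.substr(plus + 1);
  // A non browser-or-app context yields app-id 0 here, so a plain URI sent
  // by such a child never matches and the check always fails for it.
  return std::to_string(ctx.appId) + "+" + site == requested;
}

// Guard shaped as the quoted comment describes: the origin check only runs
// for browser-or-app children.
bool AllowAsWritten(const TabContext& ctx, const std::string& requested) {
  if (ctx.IsBrowserOrApp() && !TabContextMayAccessOrigin(ctx, requested)) {
    return false;
  }
  return true;  // non browser-or-app children reach this for any origin
}

// One fail-closed alternative (an assumption, not the project's fix): when
// no check can be applied to the caller, deny instead of allowing.
bool AllowFailClosed(const TabContext& ctx, const std::string& requested) {
  if (!ctx.IsBrowserOrApp()) {
    return false;
  }
  return TabContextMayAccessOrigin(ctx, requested);
}
```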
(In reply to Justin Lebar [:jlebar] from comment #0)
> // XXXbent Need to make sure we have a whitelist for chrome databases!

We already took care of this with bug 805354, I just forgot to remove the comment :(
Updated•6 years ago
Priority: -- → P5
Updated•2 years ago
Severity: normal → S3