Closed Bug 820271 Opened 13 years ago Closed 13 years ago

Validate "Webapps:Uninstall" message parameters in the parent process

Categories

(Core :: DOM: Device Interfaces, defect)

x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: pauljt, Unassigned)

References

Details

Webapps.js only allows an page to uninstall apps itself (app.origin is set to current origin). Being able to craft this message allows child to uninstall any application. Parent could check that origin being unstailled is origin of sender of message - but I guess this would break the home screen. So perhaps only allow uninstall for other origins if the sender has the webapps-manager permission.
combining these.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.