Closed
Bug 835038
Opened 11 years ago
Closed 11 years ago
Compromised content process can create TCP sockets willy nilly
Categories
(Core :: IPC, defect)
Tracking
()
People
(Reporter: jdm, Assigned: jdm)
References
Details
Attachments
(1 file)
|
1.16 KB,
patch
|
jduell.mcbugs
:
review+
lsblakk
:
approval-mozilla-b2g18+
|
Details | Diff | Splinter Review |
We don't insist on a non-null PBrowser on which to perform permission checks. This is exceedingly bad.
|
Assignee | |
Updated•11 years ago
|
blocking-b2g: --- → tef?
|
|
Assignee | |
Comment 1•11 years ago
|
||
Attachment #706776 -
Flags: review?(jduell.mcbugs)
|
||
Comment 2•11 years ago
|
||
tef- but please request approval when ready so this can be considered for uplift.
blocking-b2g: tef? → -
|
||
Updated•11 years ago
|
Attachment #706776 -
Flags: review?(jduell.mcbugs) → review+
|
|
||
Comment 3•11 years ago
|
||
Renom as tef+: this is a pretty bad security hole and the fix is trivial.
blocking-b2g: - → tef?
(In reply to Jason Duell (:jduell) from comment #3) > Renom as tef+: this is a pretty bad security hole and the fix is trivial. You probably just want to ask for approval to land, I think.
|
|
||
Comment 5•11 years ago
|
||
(In reply to Jason Duell (:jduell) from comment #3) > Renom as tef+: this is a pretty bad security hole and the fix is trivial. cc Lucas and Johnny The consensus in triage is that we do want to fix this but it is not a critical enough issue to block the release.
|
|
Assignee | |
Comment 6•11 years ago
|
||
Comment on attachment 706776 [details] [diff] [review] Ensure IPC TCP sockets always have permission checks applied. [Approval Request Comment] Bug caused by (feature/regressing bug #): 770778 User impact if declined: Compromised content could open up arbitrary TCP connections regardless of app permissions. Testing completed: Manual testing. Risk to taking this patch (and alternatives if risky): None. String or UUID changes made by this patch: None
Attachment #706776 -
Flags: approval-mozilla-b2g18?
|
||
Updated•11 years ago
|
blocking-b2g: tef? → -
tracking-b2g18:
--- → +
|
|
||
Comment 7•11 years ago
|
||
Comment on attachment 706776 [details] [diff] [review] Ensure IPC TCP sockets always have permission checks applied. Approving to land - please get this on the b2g18 relbranch as per https://wiki.mozilla.org/Release_Management/B2G_Landing#v1.0.0_2
Attachment #706776 -
Flags: approval-mozilla-b2g18? → approval-mozilla-b2g18+
|
|
||
Comment 8•11 years ago
|
||
(In reply to Lukas Blakk [:lsblakk] from comment #7) > Comment on attachment 706776 [details] [diff] [review] please get this on the b2g18_v_1_0_0 branch - not relbranch, my bad.
|
|
Assignee | |
Comment 9•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/770b5184d683 https://hg.mozilla.org/releases/mozilla-b2g18/rev/1ed910d7b562 https://hg.mozilla.org/releases/mozilla-b2g18_v1_0_0/rev/d45ab6621cf3
Assignee: nobody → josh
status-b2g18:
--- → fixed
status-firefox19:
--- → wontfix
status-firefox20:
--- → wontfix
status-firefox21:
--- → fixed
|
||
Comment 10•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/770b5184d683
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
|
|
||
Comment 11•11 years ago
|
||
Batch edit: Bugs fixed on b2g18 after 1/25 merge to v1.0 branch are fixed on v1.0.1 branch.
status-b2g18-v1.0.1:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•