Closed
Bug 856527
Opened 12 years ago
Closed 7 years ago
Write test to ensure that about:healthreport doesn't get chrome privileges
Categories
(Firefox Health Report Graveyard :: Client: Desktop, defect, P4)
Firefox Health Report Graveyard
Client: Desktop
Tracking
(Not tracked)
RESOLVED
INVALID
Firefox 23
People
(Reporter: mconnor, Unassigned)
Details
(Whiteboard: [measurement:client])
Popped into my head, probably overkill but worth doing at some point.
|
||
Updated•12 years ago
|
Component: Metrics and Firefox Health Report → Client: Desktop
Product: Mozilla Services → Firefox Health Report
Target Milestone: mozilla23 → ---
|
||
Updated•12 years ago
|
Component: Client: Desktop → about:healthreport
Summary: write test to ensure that about:healthreport doesn't get chrome privs → Write test to ensure that about:healthreport doesn't get chrome privileges
|
Reporter | |
Updated•12 years ago
|
Component: about:healthreport → Client: Desktop
Target Milestone: --- → Firefox 23
|
||
Updated•12 years ago
|
Component: Client: Desktop → about:healthreport
|
|
Reporter | |
Comment 1•12 years ago
|
||
This is about the wrapper, not the report.
Component: about:healthreport → Client: Desktop
|
||
Comment 2•11 years ago
|
||
Based on
http://mxr.mozilla.org/mozilla-central/source/browser/components/about/AboutRedirector.cpp#87
and the comments in Bug 904612, I think we need to be careful about the chrome privileges of the iframe created at
http://mxr.mozilla.org/mozilla-central/source/browser/base/content/abouthealthreport/abouthealth.xhtml#29
in Desktop about:healthreport.
|
||
Comment 3•11 years ago
|
||
Ugh, yeah, I guess I missed this. Setting datareporting.healthreport.about.reportUrl to data:text/html,<script>alert(Components.stack);</script> and loading about:healthreport shows that this is indeed a problem. Our use of SSL means that this is hard to exploit, but we need to fix it ASAP.
status-firefox24:
--- → affected
status-firefox25:
--- → affected
tracking-firefox24:
--- → +
tracking-firefox25:
--- → +
Summary: Write test to ensure that about:healthreport doesn't get chrome privileges → about:healthreport loads remote content in a chrome-privileged docshell
|
|
||
Comment 4•11 years ago
|
||
Wait, I'm maybe wrong about this.
|
|
||
Comment 5•11 years ago
|
||
It looks like I am wrong about this:
> Services.scriptSecurityManager.isSystemPrincipal(document.getElementById("remote-report").nodePrincipal)
true
> Services.scriptSecurityManager.isSystemPrincipal(document.getElementById("remote-report").contentWindow.document.nodePrincipal)
false
Though I'm not sure why...
|
|
||
Updated•11 years ago
|
status-firefox24:
affected → ---
status-firefox25:
affected → ---
tracking-firefox24:
+ → ---
tracking-firefox25:
+ → ---
Summary: about:healthreport loads remote content in a chrome-privileged docshell → Write test to ensure that about:healthreport doesn't get chrome privileges
|
|
||
Updated•11 years ago
|
Blocks: fxdesktopbacklog
|
||
Updated•11 years ago
|
Whiteboard: p=0
|
|
||
Updated•10 years ago
|
|
||
Updated•9 years ago
|
Assignee: mconnor → nobody
Whiteboard: p=2 → [measurement:client]
|
||
Comment 6•7 years ago
|
||
I'm marking this bug as INVALID,
because about:healthreport (Firefox Health Report) was removed in bug #1352497.
Status: NEW → RESOLVED
Closed: 7 years ago
QA Contact: Virtual
Resolution: --- → INVALID
|
||
Updated•6 years ago
|
Product: Firefox Health Report → Firefox Health Report Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•