Re: [tor-bugs] #15502 [Tor Browser]: URL.createObjectURL() considered harmful
#15502: URL.createObjectURL() considered harmful
-------------------------+-------------------------------------------------
Reporter: mikeperry      | Owner: arthuredelstein
Type: defect             | Status: needs_review
Priority: major          | Milestone:
Component: Tor Browser   | Version:
Resolution:              | Keywords: tbb-linkability, tbb-newnym,
Actual Points:           |   tbb-4.5-alpha, TorBrowserTeam201504R,
Points:                  |   MikePerry201504R
                         | Parent ID:
-------------------------+-------------------------------------------------
Comment (by mikeperry):
The tor-browser patch looks mostly ok to me, though I am a little worried
about the use of nsContentUtils::GetDocumentFromCaller() in
ThirdPartyUtil::GetFirstPartyHostFromCaller(). It is reminding me of
#13027. We ultimately discovered that WebWorkers were given the correct
JavaScript context after creation, but can we explicitly test WebWorkers
to ensure they can't access blob URIs from different first party domains
as well, just to be sure? Probably also wise to make this an actual
in-tree test to ensure that it doesn't change on us in ff38-esr.

I think it might also be helpful to have mcs+brade weigh in on this
approach.

I filed #15703 to remind us about mediasource: and associated tests in
ff38-esr.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15502#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online