Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-24 05:11:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1c7bbf914b
gecko-dev/mfbt
History
Alex Catarineu bc96439261 Bug 461204 - Improve the random number generator for the boundaries in multipart/form-data r=smaug 
Using a weak RNG for the form boundary allows a website operator to perform several
attacks on users (as outlined in https://trac.torproject.org/projects/tor/ticket/22919)

These include:
 - Identifying Windows users based on the unseeded RNG
 - Identify the number of form submissions that have occurred cross-origin between same-origin submissions

Additionally, a predictable boundary makes it possible to forge a boundary in the middle
of a file upload.

Differential Revision: https://phabricator.services.mozilla.com/D56056

--HG--
extra : moz-landing-system : lando
2020-01-13 20:41:14 +00:00
..
double-conversion
lz4
tests Bug 1608064 - Replace Is{Rvalue,Lvalue,}Reference with <type_traits> equivalents. r=froydnj 2020-01-10 10:40:34 +00:00
Algorithm.h
Alignment.h
AllocPolicy.h
AlreadyAddRefed.h
Array.h Bug 1477756 - Initial out-of-process WebGL implementation. r=mccr8,handyman 2020-01-08 22:19:14 +00:00
ArrayUtils.h Bug 1607595 - Remove uses of mozilla::IsBaseOf. r=froydnj 2020-01-08 14:52:10 +00:00
Assertions.cpp
Assertions.h Bug 1570499 - Part 1: Replace MOZ_FALLTHROUGH macro with C++17's [[fallthrough]] attribute. r=froydnj 2019-12-20 07:16:43 +00:00
Atomics.h
Attributes.h Bug 1570499 - Part 3: Remove MOZ_FALLTHROUGH macro definition. r=froydnj 2019-12-20 07:03:27 +00:00
BinarySearch.h
BloomFilter.h
Buffer.h
BufferList.h
Casting.h
ChaosMode.cpp
ChaosMode.h
Char16.h Bug 1602452 - Make member functions of nsTStringRepr defined in header constexpr. r=froydnj 2019-12-10 08:40:48 +00:00
CheckedInt.h Bug 1607816 - Replace mozilla::{Max, Min}Value with std::numeric_limits. r=froydnj 2020-01-08 16:30:40 +00:00
Compiler.h
Compression.cpp
Compression.h
DbgMacro.h
DebugOnly.h
DefineEnum.h
DoublyLinkedList.h Bug 1607595 - Remove uses of mozilla::IsBaseOf. r=froydnj 2020-01-08 14:52:10 +00:00
EndianUtils.h Bug 1439659 - Fix inadvertent typo (that would have been immediately obvious as compile error in a big-endian build, because of this bug's change, happily). r=froydnj 2019-12-16 21:14:05 +00:00
EnumeratedArray.h
EnumeratedRange.h
EnumSet.h
EnumTypeTraits.h
fallible.h
FastBernoulliTrial.h
FloatingPoint.cpp
FloatingPoint.h
FStream.h
FunctionTypeTraits.h
GuardObjects.h
HashFunctions.cpp
HashFunctions.h
HashTable.h Backed out changeset 310c4bf09003 (bug 1604585) for build bustages on ReentrancyGuard.h 2019-12-17 20:58:26 +02:00
HelperMacros.h
IntegerPrintfMacros.h
IntegerRange.h
IntegerTypeTraits.h Bug 1607816 - Replace mozilla::{Max, Min}Value with std::numeric_limits. r=froydnj 2020-01-08 16:30:40 +00:00
JSONWriter.cpp
JSONWriter.h
JsRust.h
Latin1.h
Likely.h
LinkedList.h
LinuxSignal.h
MacroArgs.h
MacroForEach.h
MathAlgorithms.h Bug 1590907 - Remove obsolete macro MOZ_HAVE_BITSCAN64. r=froydnj 2019-11-12 21:59:25 +00:00
Maybe.h Bug 1572205 - Use a single-member union as the storage for Maybe r=jwalden 2020-01-07 23:50:31 +00:00
MaybeOneOf.h
MemoryChecking.h
MemoryReporting.h
Move.h
moz.build
NonDereferenceable.h
NotNull.h
NullPtr.h
Opaque.h
OperatorNewExtensions.h
Pair.h Bug 1607595 - Remove uses of mozilla::IsBaseOf. r=froydnj 2020-01-08 14:52:10 +00:00
Path.h
PodOperations.h
Poison.cpp
Poison.h
RandomNum.cpp Bug 461204 - Improve the random number generator for the boundaries in multipart/form-data r=smaug 2020-01-13 20:41:14 +00:00
RandomNum.h Bug 461204 - Improve the random number generator for the boundaries in multipart/form-data r=smaug 2020-01-13 20:41:14 +00:00
Range.h
RangedArray.h
RangedPtr.h Bug 1519636 - Reformat recent changes to the Google coding style r=Ehsan 2020-01-09 21:50:11 +00:00
RecordReplay.cpp Bug 1606447 - Initial landing for cloud replay, r=jlast. 2020-01-03 20:43:08 +00:00
RecordReplay.h Bug 1606447 - Initial landing for cloud replay, r=jlast. 2020-01-03 20:43:08 +00:00
ReentrancyGuard.h
RefCounted.h Bug 1607595 - Remove uses of mozilla::IsBaseOf. r=froydnj 2020-01-08 14:52:10 +00:00
RefCountType.h
RefPtr.h Bug 1600096 - Disable RefPtr conversion constructors when underlying pointer types are not convertible. r=froydnj 2019-12-11 10:11:45 +00:00
Result.h
ResultExtensions.h
ReverseIterator.h
RollingMean.h
Saturate.h
Scoped.h
ScopeExit.h
SegmentedVector.h
SHA1.cpp
SHA1.h
SharedLibrary.h
SmallPointerArray.h
Span.h Bug 1607816 - Replace mozilla::{Max, Min}Value with std::numeric_limits. r=froydnj 2020-01-08 16:30:40 +00:00
SplayTree.h
Sprintf.h
SPSCQueue.h
StaticAnalysisFunctions.h
STYLE
TaggedAnonymousMemory.cpp
TaggedAnonymousMemory.h
TemplateLib.h
TextUtils.h
ThreadLocal.h
ThreadSafeWeakPtr.h Bug 1607595 - Remove uses of mozilla::IsBaseOf. r=froydnj 2020-01-08 14:52:10 +00:00
ToString.h
Tuple.h
TypedEnumBits.h
Types.h
TypeTraits.h Bug 1608064 - Replace Is{Rvalue,Lvalue,}Reference with <type_traits> equivalents. r=froydnj 2020-01-10 10:40:34 +00:00
UniquePtr.h Bug 1608064 - Replace Is{Rvalue,Lvalue,}Reference with <type_traits> equivalents. r=froydnj 2020-01-10 10:40:34 +00:00
UniquePtrExtensions.cpp
UniquePtrExtensions.h
Unused.cpp
Unused.h
Utf8.cpp
Utf8.h Bug 1607816 - Replace mozilla::{Max, Min}Value with std::numeric_limits. r=froydnj 2020-01-08 16:30:40 +00:00
Variant.h
Vector.h
WeakPtr.h Bug 1607595 - Remove uses of mozilla::IsBaseOf. r=froydnj 2020-01-08 14:52:10 +00:00
WindowsVersion.h
WrappingOperations.h
XorShift128PlusRNG.h