mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-18 15:55:36 +00:00
8ec2442bf5
Loads targeting cross-process BrowsingContexts are by definition cross-origin, which should preclude any javascript: loads. While those loads are currently prevented by principal checks in the final target process, sending IPC messages for the attempts is unnecessary, and potentially opens a door to privilege escalation exploits by a compromised content process. This patch prevents any cross-process load requests from being sent by content processes, and adds checks in the parent process to kill any (potentially compromised) content process which attempts to send them. Differential Revision: https://phabricator.services.mozilla.com/D103529 |
||
---|---|---|
.. | ||
browser | ||
chrome | ||
iframesandbox | ||
mochitest | ||
navigation | ||
unit | ||
unit_ipc | ||
moz.build |