(iframe box testing http://pastebin.mozilla.org/1735309 )
|SecReview alt solutions=Alternative solution: to provide an API to the extension that fully intercepts a Flash object instantiation, we need to:
# add entries to window.navigator.plugins (with the same name, description, version and MIME type as Flash);
# intercept/forward all <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"> instantiations;
# and suppress the plugin's priority in the document loader factory.
|SecReview solution chosen=Less intervention into existing plugin loading base (nsObjectLoadingContent)
|SecReview threat brainstorming=* iframe created for preview loads a data: URI, which inherits the principal of the resource:// URI it is created from, and that principal carries some privilege. Could use a null principal, or the iframe sandbox attribute once it lands?
* the preview iframe might still be able to interact with the page/DOM after the user has decided to load the actual plugin, if it is not cleaned up
}}
{{SecReviewActionStatus
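The interception of Flash instantiations from the alternative solution and the two preview-iframe threats from the brainstorming, as an added page-level JavaScript example. This is not the extension's or Firefox's code: the real design works inside nsObjectLoadingContent, while this version catches <object>/<embed> elements in the page, swaps each for a placeholder holding a sandboxed preview iframe (unique opaque origin, no script, so nothing it shows can reach the embedding page), and tears that preview down before the real plugin element is put back. The Elem class is a stand-in for a DOM element so the logic runs under node; the attribute names, preview markup and default dimensions are assumptions for illustration.

```javascript
// Added example, not code from the extension or from Firefox: page-level
// click-to-play for Flash <object>/<embed> instantiations with the two
// mitigations raised in the threat brainstorming.  Elem is a stand-in for a
// DOM element so this runs under node; attribute names, preview markup and
// default sizes are assumptions for illustration.

const FLASH_CLASSID = "clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"; // from the review
const FLASH_MIME = "application/x-shockwave-flash";

class Elem {
  constructor(tagName, attrs = {}, children = []) {
    this.tagName = tagName.toUpperCase();
    this.attrs = {};
    for (const [k, v] of Object.entries(attrs)) this.attrs[k.toLowerCase()] = String(v);
    this.children = children;
    this.parent = null;
    for (const c of children) c.parent = this;
  }
  getAttribute(name) {
    const v = this.attrs[name.toLowerCase()];
    return v === undefined ? null : v;
  }
  replaceWith(other) {
    if (!this.parent) throw new Error("detached element");
    this.parent.children[this.parent.children.indexOf(this)] = other;
    other.parent = this.parent;
    this.parent = null;
  }
}

// Recognise the classid form named in the review plus the MIME-type, data=
// and <param name="movie"> forms a click-to-play shim also has to catch.
function isFlashInstantiation(el) {
  const attr = (n) => (el.getAttribute(n) || "").trim().toLowerCase();
  if (el.tagName === "OBJECT") {
    if (attr("classid") === FLASH_CLASSID || attr("type") === FLASH_MIME) return true;
    if (attr("data").endsWith(".swf")) return true;
    return el.children.some((c) =>
      c.tagName === "PARAM" && (c.getAttribute("name") || "").toLowerCase() === "movie");
  }
  if (el.tagName === "EMBED") return attr("type") === FLASH_MIME || attr("src").endsWith(".swf");
  return false;
}

// Threat 1: the preview must not inherit a privileged principal.  sandbox=""
// (no tokens) gives the frame a unique opaque origin and no script, so what
// the preview shows cannot touch the embedding page; srcdoc keeps the markup
// inline without a data: URI.
function buildPreviewFrame(width, height) {
  return new Elem("iframe", {
    sandbox: "",
    srcdoc: "<p>Click to play Flash content</p>",
    width, height,
  });
}

class ClickToPlay {
  constructor() { this.pending = new Map(); } // placeholder -> original plugin element

  // Replace one plugin element with a placeholder wrapping the sandboxed
  // preview.  The original is detached, so the plugin is not instantiated.
  shield(el) {
    const frame = buildPreviewFrame(el.getAttribute("width") || "300",
                                    el.getAttribute("height") || "150");
    const placeholder = new Elem("div", { "data-click-to-play": "placeholder" }, [frame]);
    el.replaceWith(placeholder);
    this.pending.set(placeholder, el);
    return placeholder;
  }

  // Walk a subtree and shield every plugin instantiation found.
  shieldAll(root) {
    const out = [];
    for (const child of [...root.children]) {          // snapshot: shield() mutates the list
      if (isFlashInstantiation(child)) out.push(this.shield(child));
      else out.push(...this.shieldAll(child));
    }
    return out;
  }

  // Threat 2: on click, tear the preview down before the real plugin goes
  // back, so nothing from the preview survives beside the live object.
  activate(placeholder) {
    const original = this.pending.get(placeholder);
    if (!original) return null;                        // unknown or already activated
    this.pending.delete(placeholder);
    for (const c of placeholder.children) c.parent = null;
    placeholder.children = [];
    placeholder.replaceWith(original);
    return original;
  }
}

// Constructed sample document: a classid instantiation, a plain image, a .swf embed.
function demo() {
  const body = new Elem("body", {}, [
    new Elem("object", { classid: FLASH_CLASSID, width: 400, height: 300 },
             [new Elem("param", { name: "movie", value: "game.swf" })]),
    new Elem("img", { src: "logo.png" }),
    new Elem("embed", { src: "ad.swf" }),
  ]);
  const ctp = new ClickToPlay();
  const placeholders = ctp.shieldAll(body);
  const restored = ctp.activate(placeholders[0]);  // user clicked the first placeholder
  return { body, ctp, placeholders, restored };
}
```

In a real page the click handler belongs on the placeholder div, because the sandboxed frame runs no script of its own, and a MutationObserver on the document would feed dynamically inserted plugin elements into shieldAll; the navigator.plugins entries and the loader-factory priority from the alternative solution are Firefox-internal and out of reach of page script.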