Closed Bug 1029239 Opened 11 years ago Closed 9 years ago

(shumway) Incorrect wIldcard subdomain match

Categories

(Firefox Graveyard :: Shumway, defect)

Product:
Firefox Graveyard
Component:
Shumway
Version:
32 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: mwobensmith, Assigned: yury)

References

Details

(Whiteboard: [shumway])

Consider the case of content on http://a.b.c.com accessing a site with this policy file: <cross-domain-policy> <allow-access-from domain="*.a.b.c.com" /> </cross-domain-policy> Expected: Should load data without error Actual: Does not load, IOError generated Policy file spec - see Appendix - Domain matching: http://www.senocular.com/pub/adobe/crossdomain/policyfiles.html
Summarized.... Expected: a.b.c.com == *.a.b.c.com foo.a.b.c.com == *.a.b.c.com Actual: a.b.c.com != *.a.b.c.com foo.a.b.c.com == *.a.b.c.com Also, note that this seems to affect wildcards in the 5th token. The matching rules appear to work when using less.
Whiteboard: [shumway]
Blocks: 1029228
Till recommends that Yury look into these security issues.
Assignee: nobody → ydelendik
Product: Firefox → Firefox Graveyard
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.