diff options
author | Moonchild <moonchild@palemoon.org> | 2020-08-28 06:46:12 +0000 |
---|---|---|
committer | Moonchild <moonchild@palemoon.org> | 2020-08-30 11:58:32 +0000 |
commit | 549c8b9283314fb98ee6f6068ad55f1ab38f7c5f (patch) | |
tree | 89f46d7bfc57fde52226e029a824ff6d23a0915c | |
parent | 77e8ba7eaf3ca00f25d0507cf17de2f50741f335 (diff) | |
download | UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.tar UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.tar.gz UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.tar.lz UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.tar.xz UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.zip |
[media] Only include source error details in debugging scenarios.
Unless a user is debugging media errors, this detail is unnecessary to report
and could include sensitive data which could be abused by third-party
requesters. This aligns it with the standard success/error paradigms in normal
browsing situations.
-rw-r--r-- | dom/html/HTMLMediaElement.cpp | 14 | ||||
-rw-r--r-- | modules/libpref/init/all.js | 8 |
2 files changed, 21 insertions, 1 deletions
diff --git a/dom/html/HTMLMediaElement.cpp b/dom/html/HTMLMediaElement.cpp index bc63eab51..4abc202a8 100644 --- a/dom/html/HTMLMediaElement.cpp +++ b/dom/html/HTMLMediaElement.cpp @@ -9,6 +9,7 @@ #include "mozilla/dom/HTMLSourceElement.h" #include "mozilla/dom/ElementInlines.h" #include "mozilla/dom/Promise.h" +#include "mozilla/Preferences.h" #include "mozilla/ArrayUtils.h" #include "mozilla/MathAlgorithms.h" #include "mozilla/AsyncEventDispatcher.h" @@ -1245,7 +1246,18 @@ void HTMLMediaElement::NoSupportedMediaSourceError(const nsACString& aErrorDetai if (mDecoder) { ShutdownDecoder(); } - mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails); + + // aErrorDetails can include sensitive details like MimeType or HTTP Status + // Code. We should not leak this and pass a Generic Error Message unless the + // user has explicitly enabled error reporting for debugging purposes. + bool reportDetails = Preferences::GetBool("media.sourceErrorDetails.enabled", false); + if (reportDetails) { + mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails); + } else { + mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, + NS_LITERAL_CSTRING("Failed to open media")); + } + ChangeDelayLoadStatus(false); UpdateAudioChannelPlayingState(); RejectPromises(TakePendingPlayPromises(), NS_ERROR_DOM_MEDIA_NOT_SUPPORTED_ERR); diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index 7dbeec54a..672f18e22 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -5446,3 +5446,11 @@ pref("prompts.authentication_dialog_abuse_limit", 0); // Whether module scripts (<script type="module">) are enabled for content. pref("dom.moduleScripts.enabled", true); +// Report details when a media source error occurs? +// Enabled by default in debug builds, otherwise should be explicitly enabled +// by the user to prevent XO leaking of the response status (CVE-2020-15666) +#ifdef DEBUG +pref("media.sourceErrorDetails.enabled", true); +#else +pref("media.sourceErrorDetails.enabled", false); +#endif |