summaryrefslogtreecommitdiffstats
path: root/modules/libpref
diff options
context:
space:
mode:
authorMoonchild <moonchild@palemoon.org>2020-08-28 06:46:12 +0000
committerMoonchild <moonchild@palemoon.org>2020-08-30 11:58:32 +0000
commit549c8b9283314fb98ee6f6068ad55f1ab38f7c5f (patch)
tree89f46d7bfc57fde52226e029a824ff6d23a0915c /modules/libpref
parent77e8ba7eaf3ca00f25d0507cf17de2f50741f335 (diff)
downloadUXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.tar
UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.tar.gz
UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.tar.lz
UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.tar.xz
UXP-549c8b9283314fb98ee6f6068ad55f1ab38f7c5f.zip
[media] Only include source error details in debugging scenarios.
Unless a user is debugging media errors, this detail is unnecessary to report and could include sensitive data which could be abused by third-party requesters. This aligns it with the standard success/error paradigms in normal browsing situations.
Diffstat (limited to 'modules/libpref')
-rw-r--r--modules/libpref/init/all.js8
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 7dbeec54a..672f18e22 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -5446,3 +5446,11 @@ pref("prompts.authentication_dialog_abuse_limit", 0);
// Whether module scripts (<script type="module">) are enabled for content.
pref("dom.moduleScripts.enabled", true);
+// Report details when a media source error occurs?
+// Enabled by default in debug builds, otherwise should be explicitly enabled
+// by the user to prevent XO leaking of the response status (CVE-2020-15666)
+#ifdef DEBUG
+pref("media.sourceErrorDetails.enabled", true);
+#else
+pref("media.sourceErrorDetails.enabled", false);
+#endif