xiaoxiaoflood
commented
1 year ago Thank you for reaching out.
I believe no code in this repo sets pref in content process, but it's good to know anyway.
Open tomrittervg opened 1 year ago
xiaoxiaoflood
commented
1 year ago Thank you for reaching out.
I believe no code in this repo sets pref in content process, but it's good to know anyway.
In https://bugzilla.mozilla.org/show_bug.cgi?id=1772345 I just enabled two new prefs that will sanitize preference strings in content processes. Some of the logic used there is "If it's string pref, and a dynamic pref - sanitize it and crash the content process if it's accessed." Dynamic Pref meaning it's not a pref specified in our preference files. Mozilla frustratingly has many of these ourselves, where we either check a pref that's usually for testing without specifying it in the preference files, or we construct a pref name at runtime and use it to store data. So I'm whittling down this list. This is pretty safe because with WebExtensions, only Mozilla has the capability to set prefs so it's just our code.
Except..... for you folks. I found the pref
FireGestures.FGgTranslator.optionJSONin the crash stats which I then found over here.I can't recommend disabling these security prefs, just like I can't recommend or give much support to userChromeJS but if your content processes are crashing after a Nightly update today; this might be why.