[media] Only include source error details in debugging scenarios.

Unless a user is debugging media errors, this detail is unnecessary to report and could include sensitive data which could be abused by third-party requesters. This aligns it with the standard success/error paradigms in normal browsing situations.
author: Moonchild <moonchild@palemoon.org> 2020-08-28 06:46:12 +0000
committer: Moonchild <moonchild@palemoon.org> 2020-08-28 06:46:12 +0000
commit: 4358ff62a563938549c79684044cd423e94737c1 (patch)
tree: f50b26e17c2ee544decae21f5e6fde58c9eefcfe /modules
parent: 6eb0dd86111cc2a7c55dfdc3eeb29a34c52e8035 (diff)
download: uxp-4358ff62a563938549c79684044cd423e94737c1.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 2a50d3704c..5eed08f865 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -5440,3 +5440,11 @@ pref("prompts.authentication_dialog_abuse_limit", 0);
 // Whether module scripts (<script type="module">) are enabled for content.
 pref("dom.moduleScripts.enabled", true);
 
+// Report details when a media source error occurs?
+// Enabled by default in debug builds, otherwise should be explicitly enabled
+// by the user to prevent XO leaking of the response status (CVE-2020-15666)
+#ifdef DEBUG
+pref("media.sourceErrorDetails.enabled", true);
+#else
+pref("media.sourceErrorDetails.enabled", false);
+#endif
author	Moonchild <moonchild@palemoon.org>	2020-08-28 06:46:12 +0000
committer	Moonchild <moonchild@palemoon.org>	2020-08-28 06:46:12 +0000
commit	4358ff62a563938549c79684044cd423e94737c1 (patch)
tree	f50b26e17c2ee544decae21f5e6fde58c9eefcfe /modules
parent	6eb0dd86111cc2a7c55dfdc3eeb29a34c52e8035 (diff)
download	uxp-4358ff62a563938549c79684044cd423e94737c1.tar.gz