From 7d6032bb76742352eba459fa2616f91f8c59b51c Mon Sep 17 00:00:00 2001
From: Sebastian Streich
Date: Tue, 14 Jul 2020 11:16:24 +0000
Subject: [PATCH] Bug 1450853 - Use Generic Error for 3rdparty MediaElement r=ckerschb,smaug
*** Add test
Differential Revision: https://phabricator.services.mozilla.com/D80080
---
 dom/html/HTMLMediaElement.cpp | 15 ++++-
 dom/security/test/general/mochitest.ini | 1 +
 .../test/general/test_bug1450853.html | 58 +++++++++++++++++++
 3 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 dom/security/test/general/test_bug1450853.html
diff --git a/dom/html/HTMLMediaElement.cpp b/dom/html/HTMLMediaElement.cpp
index 4ff63f47c815..3a1e0a55acc7 100644
--- a/dom/html/HTMLMediaElement.cpp
+++ b/dom/html/HTMLMediaElement.cpp
@@ -2351,7 +2351,20 @@ void HTMLMediaElement::NoSupportedMediaSourceError(
 if (mDecoder) {
 ShutdownDecoder();
 }
- mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
+
+ bool isThirdPartyLoad = false;
+ nsresult rv = mSrcAttrTriggeringPrincipal->IsThirdPartyURI(mLoadingSrc,
+ &isThirdPartyLoad);
+ if (NS_SUCCEEDED(rv) && isThirdPartyLoad) {
+ // aErrorDetails can include sensitive details like MimeType or HTTP Status
+ // Code. In case we're loading a 3rd party resource we should not leak this
+ // and pass a Generic Error Message
+ mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED,
+ "Failed to open media"_ns);
+ } else {
+ mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
+ }
+
 RemoveMediaTracks();
 ChangeDelayLoadStatus(false);
 UpdateAudioChannelPlayingState();
diff --git a/dom/security/test/general/mochitest.ini b/dom/security/test/general/mochitest.ini
index ecd25146274c..b6ebeae1484e 100644
--- a/dom/security/test/general/mochitest.ini
+++ b/dom/security/test/general/mochitest.ini
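Review bot: The new check fails open: in `if (NS_SUCCEEDED(rv) && isThirdPartyLoad)` any failure of `IsThirdPartyURI` falls through to the `else` branch and hands the detailed `aErrorDetails` to the page, which is the leak this patch is meant to close. The call also dereferences `mSrcAttrTriggeringPrincipal` and passes `mLoadingSrc` with no null check; whether either can be null here (for instance when the load did not originate from the `src` attribute) is not visible from the hunk and should be confirmed. I would guard both pointers and invert the condition so that only a load positively identified as first-party receives the detailed text, accepting that unclassifiable loads then get the generic message. As far as I know `IsThirdPartyURI` compares at site level rather than origin level, so a same-site but cross-origin resource would still get the detailed error; an origin comparison may be closer to the intent. The body of NoSupportedMediaSourceError starts and ends outside the hunk.

```cpp
  bool isThirdPartyLoad = true;  // treated as third-party until proven otherwise
  nsresult rv = NS_ERROR_NOT_AVAILABLE;
  if (mSrcAttrTriggeringPrincipal && mLoadingSrc) {
    rv = mSrcAttrTriggeringPrincipal->IsThirdPartyURI(mLoadingSrc,
                                                      &isThirdPartyLoad);
  }
  if (NS_SUCCEEDED(rv) && !isThirdPartyLoad) {
    // Detailed text only for a load positively identified as first-party.
    mErrorSink->SetError(MEDIA_ERR_SRC_NOT_SUPPORTED, aErrorDetails);
  } else {
    // … unchanged: generic "Failed to open media" SetError call …
  }
```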
@@ -63,3 +63,4 @@ support-files = file_xfo_error_page.sjs
 [test_sec_fetch_websocket.html]
 skip-if = toolkit == 'android' # no websocket support Bug 982828
 support-files = file_sec_fetch_websocket_wsh.py
+[test_bug1450853.html]
\ No newline at end of file
diff --git a/dom/security/test/general/test_bug1450853.html b/dom/security/test/general/test_bug1450853.html
new file mode 100644
index 000000000000..ffbc654d8fca
--- /dev/null
+++ b/dom/security/test/general/test_bug1450853.html
@@ -0,0 +1,58 @@
+ + + + + +Test for Cross-origin resouce status leak via MediaError + + + + + + + + + + + Mozilla Bug 1450853 + + +