Closed Bug 213847 Opened 22 years ago Closed 22 years ago

Error: uncaught exception: enablePrivilege not granted

Categories

(Core :: Security, defect, P1)

Product:
Core
Component:
Security
Platform:
x86
Windows XP
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.5beta

People

(Reporter: iannbugzilla, Assigned: caillon)

References

(
URL
)

Details

(Keywords: regression)

Attachments

(1 file)

Probable fix
1.11 KB, patch
bzbarsky
: review+
bzbarsky
: superreview+
Details | Diff | Splinter Review
Using BuildID 2003072404 on WinXPSP1 with BClary's UA sidebar installed 1. Try changing UA string Expected result 1. Popup window asking for granting permision Actual result 1. Following message appears in JavaScript Console: Error: uncaught exception: enablePrivilege not granted 2. No popup window Works fine in BuildID 2003072304 and prior
Ok a few more details: Sidebar can be downloaded from http://mozilla-evangelism.bclary.com/sidebars/ (I've put it in the URL field). Popup box should say: A script from "http://mozilla-evangelism.bclary.com" has requested privleges. You should grant these privileges only if you are comfortable downloading and executing a program from this source. Do you wish to allow these privileges? [Yes] [No]
URL: http://mozilla-evangelism.bclary.com/...
I told you to assign this to me...
Assignee: security-bugs → caillon
Attached patch Probable fixSplinter Review
This should fix things. I haven't tested this at all though, since my power at home went out earlier today and my build did not finish yet with my changes from last night.
Going to sleep now. I'll test this in the morning when my build is finished.
Status: NEW → ASSIGNED
Keywords: regression
Priority: -- → P1
Target Milestone: --- → mozilla1.5beta
Attachment #128495 - Flags: superreview+
Attachment #128495 - Flags: review+
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Uh, this is not too good. We should avoid asking the user. The user does not know, and will most likely allow it. "Given the choice of dancing pigs and security..." Why don't we know what to do? Can we fix the real problem instead of making it the user's headache?
Heikki, this is the "expected" behavior. If we don't ask, then any random evil.com site could just pop one line of code on their site and gain full XPConnect priveleges without the user knowing.
Also of note, this was behavior before my landing of 83536. I just missed this case.
Ok, if it used to be like that I'll consent. I definitely did not mean to grant privileges in cases they shouldn't. What I meant was: if there is any way to automatically determine the correct way of action, use it. In principle we should never ask the user, because s/he does not know.
Heikki, understood. Actually, in order for us to get this popup, the user needs to manually add something to their prefs which basically says "ask me instead of always denying." See the instructions at the URL given in the bug.
verified 2003072704 trunk win2k
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: