Closed Bug 296902 Opened 19 years ago Closed 19 years ago

Check whether XPCNativeWrapper needs security checks

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: bzbarsky, Unassigned)

References

Details

We have various same-origin type security checks in DOMClassInfo that I don't
see happening in XPCNativeWrapper.  Since content can manually construct
XPCNativeWrapper objects, perhaps we need some checks?  Note that I haven't
managed to actually produce an XSS exploit yet, so maybe we're OK; I just can't
figure out _why_ exceptions are getting thrown when they are.
Maybe shutdown or moz_bug_r_a4 could turn this into an exploit
Someone remind me of the other bug bz filed, asking for XPCNativeWrapper to call
the scriptable helper hooks, for hi-fi DOM level 0 emulation.

/be
bc kindly pointed out bug 296967 over IRC.

/be
Depends on: 296967
(In reply to comment #1)
> Maybe shutdown or moz_bug_r_a4 could turn this into an exploit

I've filed bug 299450. please check.
Depends on: 299450
Flags: blocking1.8b4?
This is fixed now that its dependencies are fixed.  bz can verify next week.

/be
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
If this gets reopened, we probably need to see it on the blocker list.
Flags: blocking1.8b4? → blocking1.8b4+
Yeah, I think with the dependencies fixed this is all good.
Status: RESOLVED → VERIFIED
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.