Closed
Bug 336303
Opened 18 years ago
Closed 18 years ago
[FIX]nsPrincipal::GetOrigin should dig into nested URIs
Categories
(Core :: Security, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
Details
(Keywords: fixed1.8.0.15, verified1.8.1.13)
Attachments
(2 files, 2 obsolete files)
7.17 KB,
patch
|
Details | Diff | Splinter Review | |
6.79 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
samuel.sidler+old
:
approval1.8.1.13+
caillon
:
approval1.8.0.next+
|
Details | Diff | Splinter Review |
That would allow us to remove the "ugly manual de-nesting of jar: in nsScriptSecurityManager::LookupPolicy".
Assignee | ||
Comment 1•18 years ago
|
||
I checked the GetOrigin callers. All except for GetCodebasePrincipal are just fine with this change; I believe GetCodebasePrincipal is fine too.
Attachment #220558 -
Flags: superreview?(jst)
Attachment #220558 -
Flags: review?(dveditz)
Assignee | ||
Updated•18 years ago
|
Priority: -- → P2
Summary: nsPrincipal::GetOrigin should dig into nested URIs → [FIX]nsPrincipal::GetOrigin should dig into nested URIs
Target Milestone: --- → mozilla1.9alpha
Comment 2•18 years ago
|
||
Comment on attachment 220558 [details] [diff] [review] Proposed fix presumably there's a caps/include/nsPrincipal.h patch that adds the mOrigin member? r=dveditz
Attachment #220558 -
Flags: review?(dveditz) → review+
Assignee | ||
Comment 3•18 years ago
|
||
Attachment #220558 -
Attachment is obsolete: true
Attachment #220780 -
Flags: superreview?(jst)
Attachment #220558 -
Flags: superreview?(jst)
Comment 4•18 years ago
|
||
Comment on attachment 220780 [details] [diff] [review] Er, yes. ;) sr=jst
Attachment #220780 -
Flags: superreview?(jst) → superreview+
Assignee | ||
Comment 5•18 years ago
|
||
Attachment #220780 -
Attachment is obsolete: true
Assignee | ||
Comment 6•18 years ago
|
||
Fixed.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Updated•16 years ago
|
Blocks: CVE-2008-1195
Flags: blocking1.8.1.13+
Comment 7•16 years ago
|
||
Attachment #308264 -
Flags: superreview?(bzbarsky)
Attachment #308264 -
Flags: review?(bzbarsky)
Attachment #308264 -
Flags: approval1.8.1.13?
Assignee | ||
Comment 8•16 years ago
|
||
Comment on attachment 308264 [details] [diff] [review] 1.8 branch version Looks good. r+sr=bzbarsky
Attachment #308264 -
Flags: superreview?(bzbarsky)
Attachment #308264 -
Flags: superreview+
Attachment #308264 -
Flags: review?(bzbarsky)
Attachment #308264 -
Flags: review+
Comment 9•16 years ago
|
||
Comment on attachment 308264 [details] [diff] [review] 1.8 branch version Approved for 1.8.1.13. a=ss
Attachment #308264 -
Flags: approval1.8.1.13? → approval1.8.1.13+
Comment 10•16 years ago
|
||
Fix checked into 1.8 branch
Flags: blocking1.8.0.15?
Keywords: fixed1.8.1.13
Comment 11•16 years ago
|
||
qa: this can be tested with the test case in bug 402995
Updated•16 years ago
|
Flags: blocking1.8.0.15? → blocking1.8.0.15+
Updated•16 years ago
|
Attachment #308264 -
Flags: approval1.8.0.15?
Comment 12•16 years ago
|
||
Comment on attachment 308264 [details] [diff] [review] 1.8 branch version a=caillon for the 1.8.0 branch
Attachment #308264 -
Flags: approval1.8.0.15? → approval1.8.0.15+
Comment 13•16 years ago
|
||
I verified bug 402995 using Firefox 2.0.0.12 on Ubuntu 7.10 with JRE 1.6.0_03-b05. I then validated the fix for 402995 using Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/2008031115 Firefox/2.0.0.13, which is the RC1 for 2.0.0.13. The bug no longer reproduces in either of the jar: versions. Marking as verified for 1.8.1.13
Keywords: fixed1.8.1.13 → verified1.8.1.13
Comment 14•16 years ago
|
||
MOZILLA_1_8_0_BRANCH: Checking in caps/include/nsPrincipal.h; /cvsroot/mozilla/caps/include/nsPrincipal.h,v <-- nsPrincipal.h new revision: 1.17.10.1; previous revision: 1.17 done Checking in caps/src/nsPrincipal.cpp; /cvsroot/mozilla/caps/src/nsPrincipal.cpp,v <-- nsPrincipal.cpp new revision: 1.37.2.1.2.2; previous revision: 1.37.2.1.2.1 done Checking in caps/src/nsScriptSecurityManager.cpp; /cvsroot/mozilla/caps/src/nsScriptSecurityManager.cpp,v <-- nsScriptSecurityManager.cpp new revision: 1.266.2.7.2.13; previous revision: 1.266.2.7.2.12 done
Keywords: fixed1.8.0.15
You need to log in
before you can comment on or make changes to this bug.
Description
•