Closed Bug 77825 Opened 23 years ago Closed 23 years ago

[XPCDOM] Accessing window.location doesn't call canAccess()

Tracking

()

Status:

VERIFIED FIXED

People

(Reporter: security-bugs, Assigned: jst)

Details

Mitchell Stoltz (not reading bugmail)

Reporter

Description

•

23 years ago

Accesses of window.location aren't causing a call to canAccess() in the security
manager, nor are accesses of properties defined in scripts.

Mitchell Stoltz (not reading bugmail)

Reporter

Comment 1

•

23 years ago

Upping severity to blocker. If not fixed, this will allow some pretty bad
privacy violations.

Severity: normal → blocker

Johnny Stenback (:jst)

Assignee

Comment 2

•

23 years ago

Mitch, what security manager methods should I call in the scriptable helper
code? And when? On setting a property and getting a property, any other cases?

Mitchell Stoltz (not reading bugmail)

Reporter

Comment 3

•

23 years ago

Look at nsIXPCSecurityManager; the names of the functions are pretty
self-explanatory. THose are the functions we should be calling.

Johnny Stenback (:jst)

Assignee

Comment 4

•

23 years ago

Fixed.

Status: NEW → RESOLVED

Closed: 23 years ago

Resolution: --- → FIXED

Prashant Desale

Comment 5

•

23 years ago

Johhney or Mitch, could you please verify this one ?

Mitchell Stoltz (not reading bugmail)

Reporter

Comment 6

•

23 years ago

Verified. I've re-tested this.

Status: RESOLVED → VERIFIED

timeless

Updated

•

16 years ago

Component: DOM: Core → DOM: Core & HTML

QA Contact: desale → general

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

[XPCDOM] Accessing window.location doesn't call canAccess()

Categories

(Core :: DOM: Core & HTML, defect)

Tracking

()

People

(Reporter: security-bugs, Assigned: jst)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Comment 6

Updated