Closed
Bug 843770
Opened 11 years ago
Closed 11 years ago
Call SetDllDirectory(L"") as a precaution in updater
Categories
(Toolkit :: Application Update, defect)
Tracking
()
RESOLVED
FIXED
mozilla22
People
(Reporter: bbondy, Assigned: bbondy)
Details
(Keywords: sec-moderate, Whiteboard: [adv-main22-])
Attachments
(1 file)
1.18 KB,
patch
|
robert.strong.bugs
:
review+
|
Details | Diff | Splinter Review |
There are no known security attaccks, but it's a good idea to call SetDllDirectory("") as a precaution. This call will remove the current directory for dynamically loaded DLLs if we ever introduce the use of some.
Assignee | ||
Comment 1•11 years ago
|
||
I decided to put it here because that way we don't need extra ugly ifdef's inside updater.cpp. This file is already windows only and it is called before main() is even entered.
Attachment #716728 -
Flags: review?(robert.bugzilla)
Assignee | ||
Updated•11 years ago
|
No longer depends on: CVE-2013-0797
Updated•11 years ago
|
Keywords: sec-moderate
Updated•11 years ago
|
Attachment #716728 -
Flags: review?(robert.bugzilla) → review+
Assignee | ||
Comment 2•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/3e5f2cfbf3b4
Target Milestone: --- → mozilla22
Comment 3•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/3e5f2cfbf3b4
Comment 4•11 years ago
|
||
Do we need this on ESR-17?
status-firefox20:
--- → affected
status-firefox21:
--- → affected
status-firefox-esr17:
--- → affected
tracking-firefox21:
--- → ?
tracking-firefox-esr17:
--- → ?
Assignee | ||
Comment 5•11 years ago
|
||
I don't think we need it uplifted anywhere since there is no specific known attack we're protecting against.
Comment 6•11 years ago
|
||
(In reply to Brian R. Bondy [:bbondy] from comment #5) > I don't think we need it uplifted anywhere since there is no specific known > attack we're protecting against. Sounds reasonable, especially since this is sec-moderate.
tracking-firefox-esr17:
? → ---
Updated•11 years ago
|
tracking-firefox-esr17:
--- → -
Updated•11 years ago
|
Updated•11 years ago
|
status-b2g18:
--- → unaffected
Updated•11 years ago
|
Whiteboard: [adv-main22-]
Updated•10 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•