Closed
Bug 1184065
Opened 9 years ago
Closed 9 years ago
DestinationInsertionPointList doesn't QI to nsWrapperCache, nor trace the wrapper
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla42
People
(Reporter: smaug, Assigned: smaug)
References
Details
(Keywords: sec-high, Whiteboard: [post-critsmash-triage])
Attachments
(1 file)
1.77 KB,
patch
|
wchen
:
review+
lmandel
:
approval-mozilla-aurora-
lmandel
:
approval-mozilla-beta-
lmandel
:
approval-mozilla-esr38-
abillings
:
sec-approval+
|
Details | Diff | Splinter Review |
No description provided.
Attachment #8634026 -
Flags: review?(wchen)
Assignee | ||
Comment 1•9 years ago
|
||
Comment on attachment 8634026 [details] [diff] [review]
patch
[Security approval request comment]
This is similar to https://bugzilla.mozilla.org/show_bug.cgi?id=1183901#c3
Attachment #8634026 -
Flags: sec-approval?
Updated•9 years ago
|
Attachment #8634026 -
Flags: review?(wchen) → review+
Comment 2•9 years ago
|
||
sec-approval+. We should take this on affected branches as well.
status-firefox39:
--- → wontfix
status-firefox40:
--- → affected
status-firefox41:
--- → affected
status-firefox42:
--- → affected
status-firefox-esr31:
--- → affected
status-firefox-esr38:
--- → affected
tracking-firefox40:
--- → +
tracking-firefox41:
--- → +
tracking-firefox42:
--- → +
tracking-firefox-esr31:
--- → ?
tracking-firefox-esr38:
--- → 40+
Updated•9 years ago
|
Attachment #8634026 -
Flags: sec-approval? → sec-approval+
Assignee | ||
Comment 3•9 years ago
|
||
Comment on attachment 8634026 [details] [diff] [review]
patch
[Approval Request Comment]
https://bugzilla.mozilla.org/show_bug.cgi?id=1183901#c3
The patch seems to apply cleanly to esr38 too.
Attachment #8634026 -
Flags: approval-mozilla-esr38?
Attachment #8634026 -
Flags: approval-mozilla-beta?
Attachment #8634026 -
Flags: approval-mozilla-aurora?
Assignee | ||
Comment 4•9 years ago
|
||
Comment 5•9 years ago
|
||
Status: NEW → RESOLVED
Closed: 9 years ago
status-b2g-master:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
Comment 6•9 years ago
|
||
I have the same question here as in https://bugzilla.mozilla.org/show_bug.cgi?id=1183901#c8. If the browser is not affected in the default configuration, do we need to uplift the fix?
Comment 7•9 years ago
|
||
abillings - Can we let this fix ride the trains like bug 1183901?
Flags: needinfo?(abillings)
Comment 8•9 years ago
|
||
Yes, it can ride the trains too.
tracking-firefox40:
+ → ---
tracking-firefox41:
+ → ---
tracking-firefox-esr31:
? → ---
tracking-firefox-esr38:
40+ → ---
Flags: needinfo?(abillings)
Comment 9•9 years ago
|
||
Comment on attachment 8634026 [details] [diff] [review]
patch
As per comment 8, we're going to let this ride the trains.
Attachment #8634026 -
Flags: approval-mozilla-esr38?
Attachment #8634026 -
Flags: approval-mozilla-esr38-
Attachment #8634026 -
Flags: approval-mozilla-beta?
Attachment #8634026 -
Flags: approval-mozilla-beta-
Attachment #8634026 -
Flags: approval-mozilla-aurora?
Attachment #8634026 -
Flags: approval-mozilla-aurora-
Comment 10•9 years ago
|
||
Comment on attachment 8634026 [details] [diff] [review]
patch
NOTE: Please see https://wiki.mozilla.org/Release_Management/B2G_Landing to better understand the B2G approval process and landings.
[Approval Request Comment]
Bug caused by (feature/regressing bug #): bug 854736
User impact if declined: crashes in certified apps that use WebComponents
Testing completed: just tree herder
Risk to taking this patch (and alternatives if risky): low, this is pretty standard stuff
String or UUID changes made by this patch: none
(This is similar to bug 1183901.)
Attachment #8634026 -
Flags: approval‑mozilla‑b2g37_v2_2r?
Attachment #8634026 -
Flags: approval-mozilla-b2g37?
Attachment #8634026 -
Flags: approval-mozilla-b2g34?
Attachment #8634026 -
Flags: approval-mozilla-b2g32?
Comment 11•9 years ago
|
||
Comment on attachment 8634026 [details] [diff] [review]
patch
This is sec-high, so it has auto-approval for uplift to affected active B2G branches.
Attachment #8634026 -
Flags: approval‑mozilla‑b2g37_v2_2r?
Attachment #8634026 -
Flags: approval-mozilla-b2g37?
Attachment #8634026 -
Flags: approval-mozilla-b2g34?
Attachment #8634026 -
Flags: approval-mozilla-b2g32?
Updated•9 years ago
|
status-b2g-v2.0:
--- → wontfix
status-b2g-v2.0M:
--- → wontfix
status-b2g-v2.1:
--- → wontfix
status-b2g-v2.1S:
--- → affected
status-b2g-v2.2:
--- → affected
status-b2g-v2.2r:
--- → affected
Comment 12•9 years ago
|
||
Updated•9 years ago
|
Group: dom-core-security → release-core-security
Assignee | ||
Comment 14•9 years ago
|
||
bug 1183604 made us assert hard on debug builds if this kind of mistake happens in the future.
Flags: needinfo?(bugs)
Updated•9 years ago
|
Whiteboard: [post-critsmash-triage]
Assignee | ||
Comment 16•9 years ago
|
||
yeah, this is web components stuff too, so, not enabled by default.
Flags: needinfo?(bugs)
Updated•9 years ago
|
Updated•9 years ago
|
Group: core-security-release
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•