Closed Bug 1214491 Opened 4 years ago Closed 4 years ago

Various nsGlobalWindow methods access subject principal without script on the stack

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla44
Tracking Status
firefox44 --- fixed

People

(Reporter: bholley, Assigned: bholley)

References

Details

Attachments

(2 files, 1 obsolete file)

Comment on attachment 8673476 [details] [diff] [review]
Part 1 - Rejigger entry points for nsGlobalWindow::Close. v1

r=me
Attachment #8673476 - Flags: review?(bzbarsky) → review+
Comment on attachment 8673477 [details] [diff] [review]
Part 2 - Remove CanCallerAccess check for XPIDL version of nsGlobalWindow::AddEventListener. v1

r=me
Attachment #8673477 - Flags: review?(bzbarsky) → review+
I mistakenly read this check as || instead of &&.
Attachment #8673885 - Flags: review?(bzbarsky)
Attachment #8673477 - Attachment is obsolete: true
Comment on attachment 8673885 [details] [diff] [review]
Part 2 - Remove CanCallerAccess check for XPIDL version of nsGlobalWindow::AddEventListener. v2

r=me
Attachment #8673885 - Flags: review?(bzbarsky) → review+
https://hg.mozilla.org/mozilla-central/rev/e9ff33b716e5
https://hg.mozilla.org/mozilla-central/rev/3c650d3ef120
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.