Various nsGlobalWindow methods access subject principal without script on the stack

RESOLVED FIXED in Firefox 44

Status

()

Core
DOM
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: bholley, Assigned: bholley)

Tracking

unspecified
mozilla44
Points:
---

Firefox Tracking Flags

(firefox44 fixed)

Details

Attachments

(2 attachments, 1 obsolete attachment)

(Assignee)

Comment 1

3 years ago
Created attachment 8673476 [details] [diff] [review]
Part 1 - Rejigger entry points for nsGlobalWindow::Close. v1
Attachment #8673476 - Flags: review?(bzbarsky)
(Assignee)

Comment 2

3 years ago
Created attachment 8673477 [details] [diff] [review]
Part 2 - Remove CanCallerAccess check for XPIDL version of nsGlobalWindow::AddEventListener. v1
Attachment #8673477 - Flags: review?(bzbarsky)
Comment on attachment 8673476 [details] [diff] [review]
Part 1 - Rejigger entry points for nsGlobalWindow::Close. v1

r=me
Attachment #8673476 - Flags: review?(bzbarsky) → review+
Comment on attachment 8673477 [details] [diff] [review]
Part 2 - Remove CanCallerAccess check for XPIDL version of nsGlobalWindow::AddEventListener. v1

r=me
Attachment #8673477 - Flags: review?(bzbarsky) → review+
(Assignee)

Comment 6

3 years ago
Created attachment 8673885 [details] [diff] [review]
Part 2 - Remove CanCallerAccess check for XPIDL version of nsGlobalWindow::AddEventListener. v2

I mistakenly read this check as || instead of &&.
Attachment #8673885 - Flags: review?(bzbarsky)
(Assignee)

Updated

3 years ago
Attachment #8673477 - Attachment is obsolete: true
Comment on attachment 8673885 [details] [diff] [review]
Part 2 - Remove CanCallerAccess check for XPIDL version of nsGlobalWindow::AddEventListener. v2

r=me
Attachment #8673885 - Flags: review?(bzbarsky) → review+
https://hg.mozilla.org/mozilla-central/rev/e9ff33b716e5
https://hg.mozilla.org/mozilla-central/rev/3c650d3ef120
Status: NEW → RESOLVED
Last Resolved: 3 years ago
status-firefox44: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
You need to log in before you can comment on or make changes to this bug.