Closed Bug 1228116 Opened 4 years ago Closed 4 years ago

Relax Security checks for DTD loads

Categories

(Core :: DOM: Security, defect)

Tracking

RESOLVED FIXED
mozilla45

People

(Reporter: ckerschb, Assigned: ckerschb)

References

(Blocks 1 open bug)

Attachments

(2 files)

No description provided.
Assignee: nobody → mozilla
Status: NEW → ASSIGNED
Blocks: 1228117
Blocks: 1226869
Let's revert to the old policy for now so that addons work in Nightly builds and determine the right policy within Bug 1228117.

Please note that we also have to back out the following test:
  browser/base/content/test/general/test_bug1182546.html
which landed with bug 1182546.
Attachment #8692157 - Flags: review?(jonas)
Blocks: 1226823
Blocks: 1182546
Comment on attachment 8692157
bug_1228116_relax_dtd_loads.patch

Review of attachment 8692157:
-----------------------------------------------------------------

I'd be worried about releasing this. In particular I'm worried that SWs or something else is able to trigger loads which use TYPE_DTD.

However it's fine to do for now in order to unbreak addons.
Attachment #8692157 - Flags: review?(jonas) → review+
Don't know if I really need a review for that backout!
Attachment #8692163 - Flags: review?(jonas)
Comment on attachment 8692163
bug_1228116_backout_dtd_test.patch

Review of attachment 8692163:
-----------------------------------------------------------------

r+ from Jonas on the backout of the test - granted over IRC.
Attachment #8692163 - Flags: review?(jonas) → review+
Please note that the patches within this bug are just a *TEMPORARY* fix so that affected addons work again using Nightly builds. We should immediately start and investigate Bug 1228117 to determine the right security policy for DTD loads.
These landed yesterday, but the bug didn't get marked (I guess it's because the message has 'backout' in it).
https://hg.mozilla.org/mozilla-central/rev/7ace0805c2d3
https://hg.mozilla.org/mozilla-central/rev/cbed8d23f380
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45