1300817 - nsWindowWatcher::OpenWindowInternal() can read OriginAttributes off of the system principal

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, defect)

Description

[(no longer active)]

See <http://searchfox.org/mozilla-central/source/embedding/components/windowwatcher/nsWindowWatcher.cpp#1118>

This is definitely the wrong thing to do for expanded principals, as demonstrated by bug 1297687.  It is also the wrong thing to do with the system principal.

Since this code can run from the scriptable nsIWindowWatcher.openWindow(), it can cause bugs with add-ons calling it from such principals mentioned above.

Comment 1

[(no longer active)]

Attachment: Avoid inheriting the origin attributes of the subject principal if it's expanded

Comment 2

[Boris Zbarsky [:bzbarsky]]

Comment on attachment 8788959 [details] [diff] [review]
Avoid inheriting the origin attributes of the subject principal if it's expanded

That doesn't address subjectPrincipal being system. Why is that ok?

r=me with that explained.

Comment 3

[(no longer active)]

Err, it's not OK.  I meant to do that in a separate patch for easier bisectability but I forgot.  Sorry!  :/

Filed as bug 1301201.

Comment 4

[Pulsebot]

Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/fdfb1d87051b
Avoid inheriting the origin attributes of the subject principal if it's expanded; r=bzbarsky

Comment 5

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/fdfb1d87051b