Closed Bug 1300817 Opened 3 years ago Closed 3 years ago

nsWindowWatcher::OpenWindowInternal() can read OriginAttributes off of the system principal

Categories

(Core :: DOM: Core & HTML, defect)

RESOLVED FIXED
mozilla51
Tracking Status
firefox51 --- fixed

People

(Reporter: ehsan, Assigned: ehsan)

Attachments

(1 file)

See <http://searchfox.org/mozilla-central/source/embedding/components/windowwatcher/nsWindowWatcher.cpp#1118>

This is definitely the wrong thing to do for expanded principals, as demonstrated by bug 1297687.  It is also the wrong thing to do with the system principal.

Since this code can run from the scriptable nsIWindowWatcher.openWindow(), it can cause bugs with add-ons calling it from such principals mentioned above.

Comment on attachment 8788959
Avoid inheriting the origin attributes of the subject principal if it's expanded

That doesn't address subjectPrincipal being system. Why is that ok?

r=me with that explained.
Attachment #8788959 - Flags: review?(bzbarsky) → review+
Err, it's not OK.  I meant to do that in a separate patch for easier bisectability but I forgot.  Sorry!  :/

Filed as bug 1301201.
See Also: → 1301201
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/fdfb1d87051b
Avoid inheriting the origin attributes of the subject principal if it's expanded; r=bzbarsky
https://hg.mozilla.org/mozilla-central/rev/fdfb1d87051b
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
Assignee: nobody → ehsan
Component: DOM → DOM: Core & HTML