Closed Bug 13322 Opened 26 years ago Closed 26 years ago

Check assignments to __parent__

Categories

(Core :: Security, defect, P3)

Product:
Core
Component:
Security
Platform:
All
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: norrisboyd)

References

(
URL
)

Details

(Whiteboard: help wanted: shaver, brendan, rogerl could all move this code over)

Since the parent chain is used to compute the object principal, scripts must not be allowed to change the parent property in a way that alters the computed object principal. There is code in the 4.x tree that enforces this: just need to port that code.
Blocks: 7252
Status: NEW → ASSIGNED
Target Milestone: M14
Whiteboard: help wanted: shaver, brendan, rogerl could all move this code over
Group: netscapeconfidential?
Changing this bug to "Netscape Confidential" since it affects 4.61.
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
As discussed with Brendan, made __parent__ readonly.
Verified.
No longer blocks: 7252
Status: RESOLVED → VERIFIED
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
Opening fixed security bugs to the public.
Group: netscapeconfidential?
You need to log in before you can comment on or make changes to this bug.