Closed
Bug 1427727
Opened 6 years ago
Closed 3 years ago
Make setSlot/setElement more robust
Categories
(Core :: JavaScript Engine, enhancement, P2)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
firefox59 | --- | wontfix |
People
(Reporter: jandem, Unassigned)
Details
(Keywords: sec-audit)
We sometimes have TI bugs like bug 1427126 because people use setSlot/setElement instead of setSlotWithType/setElementWithType. This is a footgun we should fix. I think we should: * Rename setSlot and setElement to something more scary, like setSlotNoTypeUpdate. * Make these functions assert TI correctness.
Reporter | ||
Updated•6 years ago
|
Flags: needinfo?(jdemooij)
Updated•6 years ago
|
status-firefox59:
--- → fix-optional
Priority: -- → P2
Reporter | ||
Comment 2•6 years ago
|
||
I'm not working on this right now. I still think it's worth doing at some point, but we're not aware of any issues atm.
Flags: needinfo?(jdemooij)
Comment 3•3 years ago
|
||
TI was removed and that gun is no longer pointed at any feet.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Updated•3 years ago
|
Group: javascript-core-security → core-security-release
Updated•2 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•