Closed
Bug 1451405
Opened 6 years ago
Closed 6 years ago
debug-only image observers run script during painting.
Categories
(Core :: DOM: Core & HTML, enhancement)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla61
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox59 | --- | wontfix |
| firefox60 | --- | wontfix |
| firefox61 | --- | fixed |
People
(Reporter: emilio, Assigned: emilio)
Details
(Keywords: csectype-uaf, sec-other, Whiteboard: [adv-main61-][post-critsmash-triage])
Attachments
(1 file)
|
2.33 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
Which breaks assertions we want to add.
|
Assignee | |
Comment 1•6 years ago
|
||
Notify off a script runner for this stuff.
Attachment #8964984 -
Flags: review?(bzbarsky)
|
|
Assignee | |
Updated•6 years ago
|
Group: core-security
|
||
Comment 2•6 years ago
|
||
Comment on attachment 8964984 [details] [diff] [review] Patch. >+ RefPtr<nsIURI> uri = mURI->ToIURI(); Why not nsCOMPtr? Normally that's what we would use with an nsI* thing. r=me with that fixed or explained.
Attachment #8964984 -
Flags: review?(bzbarsky) → review+
|
|
||
Comment 3•6 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/c989bd874ddb726eb0d2c6390441d844e11098b2 https://hg.mozilla.org/mozilla-central/rev/c989bd874ddb
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox61:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
|
||
Updated•6 years ago
|
Group: core-security → dom-core-security
status-firefox59:
--- → wontfix
status-firefox60:
--- → wontfix
status-firefox-esr52:
--- → unaffected
|
||
Updated•6 years ago
|
Group: dom-core-security → core-security-release
|
||
Comment 4•6 years ago
|
||
(In reply to Sebastian Hengst [:aryx] (needinfo on intermittent or backout) from comment #3) > https://hg.mozilla.org/integration/mozilla-inbound/rev/ > c989bd874ddb726eb0d2c6390441d844e11098b2 > https://hg.mozilla.org/mozilla-central/rev/c989bd874ddb How did this even get checked in without a sec-approval and a security rating?
Flags: needinfo?(emilio)
|
|
||
Comment 5•6 years ago
|
||
Dan points out from the summary that this may be debug only? If so, I guess it made sense to check in. Emilio, can you confirm?
|
|
||
Comment 6•6 years ago
|
||
Not visible in the patch itself but this is in an "ifdef DEBUG" block and doesn't affect releases.
Flags: needinfo?(emilio)
Keywords: csectype-uaf,
sec-other
|
|
Assignee | |
Comment 7•6 years ago
|
||
It's debug only, yes.
|
|
||
Updated•6 years ago
|
Whiteboard: [adv-main61-]
|
||
Updated•6 years ago
|
Flags: qe-verify-
Whiteboard: [adv-main61-] → [adv-main61-][post-critsmash-triage]
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
|
|
||
Updated•5 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•