Closed
Bug 1572568
Opened 6 years ago
Closed 1 year ago
Switch security.allow_eval_with_system_principal to false
Categories
(Thunderbird :: General, task)
Thunderbird
General
Tracking
(Not tracked)
RESOLVED
FIXED
125 Branch
People
(Reporter: jorgk-bmo, Assigned: standard8)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
|
1.08 KB,
patch
|
Details | Diff | Splinter Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review |
Currently it's eval is still allowed in
https://searchfox.org/mozilla-central/rev/9775cca0a10a9b5c5f4e15c8f7b3eff5bf91bbd0/modules/libpref/init/StaticPrefList.yaml#5973
We should follow FF and switch it off on Nightly, like here:
https://searchfox.org/mozilla-central/rev/9775cca0a10a9b5c5f4e15c8f7b3eff5bf91bbd0/browser/app/profile/firefox.js#505
|
Reporter | |
Comment 1•6 years ago
|
||
Assignee: nobody → jorgk
Pushed by mozilla@jorgk.com:
https://hg.mozilla.org/comm-central/rev/6dcb86ddf89f
Disallow eval() with system principal in Daily/Nightly build. r=me
|
|
Reporter | |
Comment 3•6 years ago
|
||
Not actively working on this. The patch I landed on TB 70 hasn't caused any complaints so far, going to beta soon.
We'll revisit this bug when there is need for more action.
Assignee: jorgk → nobody
Target Milestone: --- → Thunderbird 70.0
|
||
Updated•3 years ago
|
Severity: normal → S3
|
Assignee | |
Comment 4•1 year ago
|
||
|
||
Updated•1 year ago
|
Assignee: nobody → standard8
Status: NEW → ASSIGNED
|
|
Assignee | |
Updated•1 year ago
|
Keywords: leave-open → checkin-needed-tb
Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/f027bba1b06b
Disallow eval() with system principal on Thunderbird builds. r=mkmelin
|
|
Assignee | |
Updated•1 year ago
|
Target Milestone: Thunderbird 70.0 → 125 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•