Closed Bug 1701796 Opened 3 years ago Closed 3 years ago

Invalid Win32k use in content process [xul!mozilla::widget::WinUtils::IsTouchDeviceSupportPresent]

Categories

(Core :: Security: Process Sandboxing, defect, P1)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
All
Windows
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
93 Branch
Tracking Flags:
Tracking Status
firefox93 --- fixed

People

(Reporter: cmartin, Assigned: bobowen)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1701796: Move IsTouchDeviceSupportPresent to LookAndFeel remoting to prevent win32k usage in the content process. r=emilio!
48 bytes, text/x-phabricator-request
Details | Review

GetSystemMetrics() is called here

Call stack:

win32u!NtUserCallNoParam
USER32!GetSystemMetrics+0x131
xul!mozilla::widget::WinUtils::IsTouchDeviceSupportPresent+0xf [c:\moz\mozilla-central\widget\windows\WinUtils.cpp @ 1795]
xul!mozilla::dom::TouchEvent::PlatformSupportsTouch+0x26 [c:\moz\mozilla-central\dom\events\TouchEvent.cpp @ 208]
xul!mozilla::dom::TouchEvent::PrefEnabled+0x95 [c:\moz\mozilla-central\dom\events\TouchEvent.cpp @ 242]
xul!mozilla::PresShell::AccessibleCaretEnabled+0x18e [c:\moz\mozilla-central\layout\base\PresShell.cpp @ 782]
xul!mozilla::PresShell::Init+0x2e9 [c:\moz\mozilla-central\layout\base\PresShell.cpp @ 967]
xul!mozilla::dom::Document::CreatePresShell+0x9c [c:\moz\mozilla-central\dom\base\Document.cpp @ 6629]
xul!nsDocumentViewer::InitPresentationStuff+0x5b [c:\moz\mozilla-central\layout\base\nsDocumentViewer.cpp @ 724]
xul!nsDocumentViewer::InitInternal+0x3c1 [c:\moz\mozilla-central\layout\base\nsDocumentViewer.cpp @ 929]
xul!nsDocumentViewer::Init+0x20 [c:\moz\mozilla-central\layout\base\nsDocumentViewer.cpp @ 700]
xul!nsDocShell::SetupNewViewer+0x355 [c:\moz\mozilla-central\docshell\base\nsDocShell.cpp @ 8315]
xul!nsDocShell::Embed+0x42 [c:\moz\mozilla-central\docshell\base\nsDocShell.cpp @ 5805]
xul!nsDocShell::CreateAboutBlankContentViewer+0x567 [c:\moz\mozilla-central\docshell\base\nsDocShell.cpp @ 6892]
xul!nsDocShell::CreateContentViewerForActor+0x53 [c:\moz\mozilla-central\docshell\base\nsDocShell.cpp @ 6929]
xul!nsWebBrowser::Create+0x3ba [c:\moz\mozilla-central\toolkit\components\browser\nsWebBrowser.cpp @ 162]
xul!mozilla::dom::BrowserChild::Init+0xc8 [c:\moz\mozilla-central\dom\ipc\BrowserChild.cpp @ 468]
xul!mozilla::dom::ContentChild::RecvConstructBrowser+0x244 [c:\moz\mozilla-central\dom\ipc\ContentChild.cpp @ 1738]

Assignee: nobody → cmartin
Status: NEW → ASSIGNED
Severity: -- → S4
Priority: -- → P2
Assignee: cmartin → bobowencode
Priority: P2 → P1
Regressions: 1727617

https://hg.mozilla.org/mozilla-central/rev/ad7f37e5923e

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox93: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 93 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: