179777 - Access to arguments.callee.caller from top level silenty stops script execution

Status: RESOLVED DUPLICATE of bug 158592

(Core :: Security: CAPS, defect)

Description

[Colin Surprenant]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021016
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021016

The arguments.callee.caller property in not accessible from top level functions
and event handlers. For these the property should be null but instead its access
silently stops the script execution, no JavaScript errors, not possible to trap.
On IE6 the property is null.

Problem confirmed on Mozilla 1.2b (2002101612) in Win32 and Linux.

Reproducible: Always

Steps to Reproduce:

Comment 1

[Colin Surprenant]

Attachment: arguments.callee.caller bug simple test case

This test case to show the bug in these 3 contexts:
1- Access to arguments.callee.caller from the body onload handler
2- Access to arguments.callee.caller in a try/catch from a top level function
3- Access to arguments.callee.caller from a onclick handler

Normally, the body onload handler should display an alert showing
arguments.callee.caller. The top level function invokes an alert in both the
try and catch, and after the try/catch. Finally, the onlick handler should
display an alert showing arguments.callee.caller.

Comment 2

[Phil Schwartau]

Colin: good catch. This is actually not a JS Engine problem,
but turns out to be caused by security code in the browser.

See bug 158592 "Stack Trace code causes process thread to die.";
in particular, bug 158592 comment #5.

Reassigning to Security:CAPS -

Comment 3

[Phil Schwartau]

Colin: thank you for this report. You have been cc'ed on bug 158592
so you can follow progress on this. Please reopen that bug if the 
fix for it does not cure what you have observed here -

*** This bug has been marked as a duplicate of 158592 ***