Closed Bug 227079 Opened 21 years ago Closed 21 years ago

Mozilla asks for security privileges where it shouldn't

Categories

(Core :: Security: CAPS, defect)

x86
Windows 2000
defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: mcsmurf, Assigned: caillon)

References

()

Details

(Keywords: regression)

Attachments

(1 file)

First open URL with a current Mozilla trunk build, then mark some text and press "Cut". Mozilla asks for permissions because the script asks for it (UniversalXPConnect). Normally this shouldn't happen because this script isn't signed and signed.applets.codebase_principal_support is set to "false". Mozilla 1.5 behaved correctly, so regression
Flags: blocking1.6b?
Summary: Mozilla asks for security privileges where it shouldnt → Mozilla asks for security privileges where it shouldnt
Summary: Mozilla asks for security privileges where it shouldnt → Mozilla asks for security privileges where it shouldn't
fwiw Bug 202253 removed some extra privs from mozilla.org ... but that doesn't seem related. I don't have a current mozilla with me as I'm traveling.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
erm, i didn't mean to do that
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Caillon, do you have time to look into this? Marking blocking1.6b until we know more. /be
Flags: blocking1.6b? → blocking1.6b+
I finally tracked down this bug *g* (what a work!) to the checkin frame between 2003-10-21-05 and 2003-10-22-05. Someone can go thorugh these checkins and see what could be responsible for this?
note that one of those checkins is: "Re-land patch for bug 83536, merging principal objects. Also includes fixes from bug 216041. r=bzbarsky sr=jst" (from caillon)
nsCodebasePrincipal.cpp was removed entirely by caillon in his checkin for bug 83536. I don't understand the code enough to make sense of why ;) IMO this is a serious problem... the warning dialog is not nearly scary enough.
Taking bug.
Assignee: security-bugs → caillon
Status: REOPENED → NEW
Attached patch FixSplinter Review
Hm, how did this silly mistake get by me and reviewers? These checks somehow fell out of my principal merge patch. They go back in.
Attachment #136709 - Flags: superreview?(bz-vacation)
Attachment #136709 - Flags: review?(jst)
Comment on attachment 136709 [details] [diff] [review] Fix How about "allow" instead of "truth"? sr=bzbarsky with that.
Attachment #136709 - Flags: superreview?(bz-vacation) → superreview+
Comment on attachment 136709 [details] [diff] [review] Fix What bz said. r=jst
Attachment #136709 - Flags: review?(jst) → review+
Attachment #136709 - Flags: approval1.6b? → approval1.6b+
Fix checked in.
Status: NEW → RESOLVED
Closed: 21 years ago21 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: