Mozilla asks for security privileges where it shouldn't

RESOLVED FIXED

Status

()

defect
--
critical
RESOLVED FIXED
16 years ago
8 years ago

People

(Reporter: mcsmurf, Assigned: caillon)

Tracking

({regression})

Trunk
x86
Windows 2000
Points:
---
Bug Flags:
blocking1.6b +

Firefox Tracking Flags

(Not tracked)

Details

()

Attachments

(1 attachment)

First open URL with a current Mozilla trunk build, then mark some text and 
press "Cut". Mozilla asks for permissions because the script asks for it 
(UniversalXPConnect). Normally this shouldn't happen because this script isn't 
signed and signed.applets.codebase_principal_support is set to "false". Mozilla 
1.5 behaved correctly, so regression
Flags: blocking1.6b?
Summary: Mozilla asks for security privileges where it shouldnt → Mozilla asks for security privileges where it shouldnt
Summary: Mozilla asks for security privileges where it shouldnt → Mozilla asks for security privileges where it shouldn't
fwiw Bug 202253 removed some extra privs from mozilla.org ... but that doesn't
seem related. I don't have a current mozilla with me as I'm traveling.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
erm, i didn't mean to do that
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Caillon, do you have time to look into this?

Marking blocking1.6b until we know more.

/be
Flags: blocking1.6b? → blocking1.6b+
I finally tracked down this bug *g* (what a work!) to the checkin frame between
2003-10-21-05 and 2003-10-22-05. Someone can go thorugh these checkins and see
what could be responsible for this?
note that one of those checkins is:
"Re-land patch for bug 83536, merging principal objects.
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst"
(from caillon)
nsCodebasePrincipal.cpp was removed entirely by caillon in his checkin for bug
83536. I don't understand the code enough to make sense of why ;)  IMO this is a
serious problem... the warning dialog is not nearly scary enough.
Taking bug.
Assignee: security-bugs → caillon
Status: REOPENED → NEW
Posted patch FixSplinter Review
Hm, how did this silly mistake get by me and reviewers?  These checks somehow
fell out of my principal merge patch.  They go back in.
Attachment #136709 - Flags: superreview?(bz-vacation)
Attachment #136709 - Flags: review?(jst)
Comment on attachment 136709 [details] [diff] [review]
Fix

How about "allow" instead of "truth"?  sr=bzbarsky with that.
Attachment #136709 - Flags: superreview?(bz-vacation) → superreview+
Comment on attachment 136709 [details] [diff] [review]
Fix

What bz said. r=jst
Attachment #136709 - Flags: review?(jst) → review+
Attachment #136709 - Flags: approval1.6b? → approval1.6b+
Fix checked in.
Status: NEW → RESOLVED
Closed: 16 years ago16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.