Closed
Bug 227079
Opened 21 years ago
Closed 21 years ago
Mozilla asks for security privileges where it shouldn't
Categories
(Core :: Security: CAPS, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: mcsmurf, Assigned: caillon)
References
()
Details
(Keywords: regression)
Attachments
(1 file)
|
2.19 KB,
patch
|
jst
:
review+
bzbarsky
:
superreview+
dbaron
:
approval1.6b+
|
Details | Diff | Splinter Review |
First open URL with a current Mozilla trunk build, then mark some text and press "Cut". Mozilla asks for permissions because the script asks for it (UniversalXPConnect). Normally this shouldn't happen because this script isn't signed and signed.applets.codebase_principal_support is set to "false". Mozilla 1.5 behaved correctly, so regression
|
Reporter | |
Updated•21 years ago
|
Flags: blocking1.6b?
Summary: Mozilla asks for security privileges where it shouldnt → Mozilla asks for security privileges where it shouldnt
|
||
Updated•21 years ago
|
Summary: Mozilla asks for security privileges where it shouldnt → Mozilla asks for security privileges where it shouldn't
fwiw Bug 202253 removed some extra privs from mozilla.org ... but that doesn't seem related. I don't have a current mozilla with me as I'm traveling.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
erm, i didn't mean to do that
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
|
||
Comment 3•21 years ago
|
||
Caillon, do you have time to look into this? Marking blocking1.6b until we know more. /be
Flags: blocking1.6b? → blocking1.6b+
|
|
Reporter | |
Comment 4•21 years ago
|
||
I finally tracked down this bug *g* (what a work!) to the checkin frame between 2003-10-21-05 and 2003-10-22-05. Someone can go thorugh these checkins and see what could be responsible for this?
|
||
Comment 5•21 years ago
|
||
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=10%2F21%2F2003+05%3A00&maxdate=10%2F22%2F2003+05%3A00&cvsroot=%2Fcvsroot is the bonsai link for the timeframe mcsmurf mentioned
|
|
||
Comment 6•21 years ago
|
||
note that one of those checkins is: "Re-land patch for bug 83536, merging principal objects. Also includes fixes from bug 216041. r=bzbarsky sr=jst" (from caillon)
|
||
Comment 7•21 years ago
|
||
nsCodebasePrincipal.cpp was removed entirely by caillon in his checkin for bug 83536. I don't understand the code enough to make sense of why ;) IMO this is a serious problem... the warning dialog is not nearly scary enough.
|
Assignee | |
Comment 8•21 years ago
|
||
Taking bug.
Assignee: security-bugs → caillon
Status: REOPENED → NEW
|
|
Assignee | |
Comment 9•21 years ago
|
||
Hm, how did this silly mistake get by me and reviewers? These checks somehow fell out of my principal merge patch. They go back in.
|
|
Assignee | |
Updated•21 years ago
|
Attachment #136709 -
Flags: superreview?(bz-vacation)
Attachment #136709 -
Flags: review?(jst)
|
||
Comment 10•21 years ago
|
||
Comment on attachment 136709 [details] [diff] [review] Fix How about "allow" instead of "truth"? sr=bzbarsky with that.
Attachment #136709 -
Flags: superreview?(bz-vacation) → superreview+
|
||
Comment 11•21 years ago
|
||
Comment on attachment 136709 [details] [diff] [review] Fix What bz said. r=jst
Attachment #136709 -
Flags: review?(jst) → review+
|
|
Assignee | |
Updated•21 years ago
|
Attachment #136709 -
Flags: approval1.6b?
Attachment #136709 -
Flags: approval1.6b? → approval1.6b+
|
|
Assignee | |
Comment 12•21 years ago
|
||
Fix checked in.
Status: NEW → RESOLVED
Closed: 21 years ago → 21 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•