Closed Bug 313724 Opened 14 years ago Closed 14 years ago
Scripts can nullify explicit local roots by setting caller
Some explicit local roots are available to scripts through caller.arguments[n] (see bug 313370 comment 8). Furthermore, scripts can modify caller.arguments[n], nullifying such a local root. The resulting lack of a local root creates the potential for a security hole (see bug 311497 comment 10).
"Prevent setting args of natives (natives are what use local roots)" Checked into trunk and MOZILLA_1_8_BRANCH half an hour ago. This is the MOZILLA_1_8_BRANCH version of the patch.
Status: NEW → RESOLVED
Closed: 14 years ago
OS: Windows XP → All
Hardware: PC → All
Resolution: --- → FIXED
needs to go in the "security" suite, not the js test library.
Comment on attachment 211457 [details] [diff] [review] backported for the 1.7 branch r=me, didn't seem hard ;-). /be
Attachment #211457 - Flags: review?(brendan) → review+
Comment on attachment 211457 [details] [diff] [review] backported for the 1.7 branch a=timr for drivers
QA could use some help with the best way to verify this bug for 1.0.8. Thanks.
Jesse mentioned that we don't have a test case for this and he wasn't certain how to put one together, so doubtful QA can verify this bug. (In reply to comment #7) > QA could use some help with the best way to verify this bug for 1.0.8. Thanks. >
You need to log in before you can comment on or make changes to this bug.