Open Bug 336911 Opened 15 years ago Updated 2 years ago
Dialog //chrome without check existence
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:184.108.40.206) Gecko/20060426 Firefox/220.127.116.11 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:18.104.22.168) Gecko/20060426 Firefox/22.214.171.124 If you open a modal_dialog in XPI like: window.openDialog("chrome://inspector/content/xxx.xul","dlg","modal"); but the File xxx.xul does not exist, you have to kill mozilla with the Task Manager. Write an instruction like that into an overlay, for most of the people, which are not capable to remove an existing extension by hand, the browser is not usable anymore. I think this is a hazardous bug. Reproducible: Always Expected Results: Please check in window.openDialog() for the existence of the xul-file to load. greeting also
We should handle that case more gracefully for sure, but it's not a security vulnerability. If you've installed a malicious extension they could do far worse than just hang you.
Assignee: guifeatures → general
Component: XP Apps: GUI Features → DOM
Product: Mozilla Application Suite → Core
QA Contact: ian
Version: unspecified → 1.8 Branch
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.