Open Bug 336911 Opened 16 years ago Updated 3 years ago

openDialog //chrome without check existence


(Core :: DOM: Core & HTML, defect, P5)

1.8 Branch
Windows 2000





(Reporter: also, Unassigned)


User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv: Gecko/20060426 Firefox/
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv: Gecko/20060426 Firefox/

If you open a modal_dialog in XPI like:


but the File xxx.xul does not exist, you have to kill mozilla with the Task Manager. Write an instruction like that into an overlay, for most of the people, which are not capable to remove an existing extension by hand, the browser is not usable anymore. I think this is a hazardous bug.

Reproducible: Always

Expected Results:  
Please check in window.openDialog() for the existence of the xul-file to load.

We should handle that case more gracefully for sure, but it's not a security vulnerability. If you've installed a malicious extension they could do far worse than just hang you.
Assignee: guifeatures → general
Group: security
Component: XP Apps: GUI Features → DOM
Product: Mozilla Application Suite → Core
QA Contact: ian
Version: unspecified → 1.8 Branch
Assignee: general → nobody
QA Contact: ian → general

Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.