Open Bug 336911 Opened 15 years ago Updated 2 years ago

openDialog //chrome without check existence

Categories

(Core :: DOM: Core & HTML, defect, P5)

1.8 Branch
x86
Windows 2000
defect

Tracking

()

UNCONFIRMED

People

(Reporter: also, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3

If you open a modal_dialog in XPI like:

window.openDialog("chrome://inspector/content/xxx.xul","dlg","modal");

but the File xxx.xul does not exist, you have to kill mozilla with the Task Manager. Write an instruction like that into an overlay, for most of the people, which are not capable to remove an existing extension by hand, the browser is not usable anymore. I think this is a hazardous bug.

Reproducible: Always



Expected Results:  
Please check in window.openDialog() for the existence of the xul-file to load.

greeting
also
We should handle that case more gracefully for sure, but it's not a security vulnerability. If you've installed a malicious extension they could do far worse than just hang you.
Assignee: guifeatures → general
Group: security
Component: XP Apps: GUI Features → DOM
Product: Mozilla Application Suite → Core
QA Contact: ian
Version: unspecified → 1.8 Branch
Assignee: general → nobody
QA Contact: ian → general
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.