Closed Bug 387881 (CVE-2007-5338) Opened 14 years ago Closed 13 years ago
Arbitrary code execution by polluting implicit XPCNative
Wrapper (using Script object)
Does script_compile need the same fix as bug 369211? This is 1.8/1.8.0 branches only, since Script object has been removed on trunk.
OS: Windows XP → All
Hardware: PC → All
Yeah, this just mimics what we do for eval.
Attachment #275053 - Flags: review?(brendan)
Attachment #275053 - Flags: review?(brendan) → review+
Whiteboard: [sg:critical] → [sg:critical] pre 1.9
Attachment #275053 - Flags: approval126.96.36.199? → approval188.8.131.52?
Attachment #275053 - Flags: approval184.108.40.206? → approval220.127.116.11?
Comment on attachment 275053 [details] [diff] [review] Fix approved for 18.104.22.168 and 22.214.171.124, a=dveditz for release-drivers
Is this approved patch going to land?
Blake: what's the status of this patch? Can I land it for you?
Checked this in on the 1.8 branch for mrbkap.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Verified using testcases in comment #4 and comment #5 on: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:126.96.36.199) Gecko/2007100816 Firefox/188.8.131.52 Components.Stack dialog no longer appears.
Whiteboard: [sg:critical] pre 1.9 → [sg:critical] pre 1.9, testcases embargoed during upgrade cycle
Comment on attachment 275053 [details] [diff] [review] Fix Minusing for Thunderbird-focused 184.108.40.206 release, moving request to future release
Attachment #275053 - Flags: approval220.127.116.11+ → approval18.104.22.168?
Comment on attachment 275053 [details] [diff] [review] Fix a=caillon for 22.214.171.124
Attachment #275053 - Flags: approval126.96.36.199? → approval188.8.131.52+
fix committed to 1.8.0 branch Checking in js/src/jsscript.c; /cvsroot/mozilla/js/src/jsscript.c,v <-- jsscript.c new revision: 184.108.40.206.2.8; previous revision: 220.127.116.11.2.7 done
You need to log in before you can comment on or make changes to this bug.