The default bug view has changed. See this FAQ.

Accessing innerWidth of a tabbrowser contentWindow throws NS_ERROR_XPC_SECURITY_MANAGER_VETO

RESOLVED FIXED

Status

()

Core
XPConnect
RESOLVED FIXED
10 years ago
9 years ago

People

(Reporter: mcsmurf, Assigned: mrbkap)

Tracking

({regression, verified1.8.1.15})

Trunk
x86
Windows XP
regression, verified1.8.1.15
Points:
---
Bug Flags:
blocking1.8.1.15 +
wanted1.8.1.x +
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

10 years ago
Accessing innerWidth of a tabbrowser contentWindow throws NS_ERROR_XPC_SECURITY_MANAGER_VETO

To reproduce:
0. Fetch a Firefox(!) trunk build
1. Switch signed.applets.codebase_principal_support to true so that a webpage from content can request privs
2. Open any website in the first tab and https://bugzilla.mozilla.org/attachment.cgi?id=238226 in any other tab, make sure you trust the code from that testcase (it's a drawWindow canvas testcase)
3. Click on Draw to get a preview of the page in tab 1 in the canvas below
4. Observe that you get no preview but instead a error in the Error Console:

Error: uncaught exception: [Exception... "Security Manager vetoed action"  nsresult: "0x80570027 (NS_ERROR_XPC_SECURITY_MANAGER_VETO)"  location: "JS frame :: https://bugzilla.mozilla.org/attachment.cgi?id=238226# :: doFrob :: line 26"  data: no]

Line 26 is a empty line, but by adding some line breaks I found out that it actually seems to mean line 27.

This regressed between 2007-07-05-04 and 2007-07-06-04. Bonsai link: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2007-07-05+03%3A00&maxdate=2007-07-06+04%3A00&cvsroot=%2Fcvsroot

This points to Bug 384750, but I'm not sure because that's a security bug. It looks like DOMi had a similar problem, see Bug 387053, but that patch was backed out again as Bug 387084 was fixed. So is this now a real bug or a bug in the testcase?
(Reporter)

Comment 1

10 years ago
Blake: Can you comment on this bug if it is a valid bug? I'm not sure if it is...
(Assignee)

Comment 2

10 years ago
Created attachment 275200 [details] [diff] [review]
Fix

Given other bugs, I'm rapidly losing faith in EnsureLegalActivity, but this patch will make it deal for now.
Assignee: nobody → mrbkap
Status: NEW → ASSIGNED
Attachment #275200 - Flags: superreview?(bzbarsky)
Attachment #275200 - Flags: review?(bzbarsky)
Comment on attachment 275200 [details] [diff] [review]
Fix

OK, I buy this.
Attachment #275200 - Attachment is private: true
Attachment #275200 - Flags: superreview?(bzbarsky)
Attachment #275200 - Flags: superreview+
Attachment #275200 - Flags: review?(bzbarsky)
Attachment #275200 - Flags: review+
(Assignee)

Updated

10 years ago
Attachment #275200 - Attachment is private: false
Attachment #275200 - Flags: approval1.9?

Updated

10 years ago
Attachment #275200 - Flags: approval1.9? → approval1.9+
(Assignee)

Comment 4

10 years ago
Fix checked into trunk.
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Don't we need this on branch too?  This breaks code using <xul:iframe> (e.g. in signed script).  See the thread at http://groups.google.com/group/mozilla.dev.security/browse_frm/thread/200083a2d0cb1562#
Blocks: 384750
Flags: blocking1.8.1.15?
Keywords: regression
And this could really use an automated testcase.  Should be simple to mochitest, no?
Flags: in-testsuite?
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.15?
Flags: blocking1.8.1.15+
Duplicate of this bug: 425232
Whiteboard: [needs branch patch]
Comment on attachment 275200 [details] [diff] [review]
Fix

This patch applies to the branch as well, and fixes the bug there too.
Attachment #275200 - Flags: approval1.8.0.15?
Attachment #275200 - Flags: approval1.8.0.15? → approval1.8.1.15?
Comment on attachment 275200 [details] [diff] [review]
Fix

Approved for 1.8.1.15, a=dveditz for release-drivers
Attachment #275200 - Flags: approval1.8.1.15? → approval1.8.1.15+
Fix landed on the branch.
Keywords: fixed1.8.1.15
The mac tinderbox started burning after this bug and bug 418996 and bug 424426 landed on the branch (bm-xserve05). It's failing the Tp2 test:

Running LayoutPerformanceLocalTest test ...
Timeout = 180 seconds.
Begin: Thu Jun  5 18:08:31 2008
cmd = /builds/tinderbox/Fx-Mozilla1.8-Nightly/Darwin_8.7.0_Depend/mozilla/../build/unifox/dist/BonEcho.app/Contents/MacOS/firefox-bin http://localhost/pageload/cycler.html
Process killed. Took 2 seconds to die.
End:   Thu Jun  5 18:11:32 2008
----------- Output from LayoutPerformanceLocalTest ------------- 
----------- End Output from LayoutPerformanceLocalTest --------- 
LayoutPerformanceLocalTest: firefox-bin successfully stayed up for 180 seconds.
TinderboxPrint:Tp2:[CRASH]
LayoutPerformanceLocalTest: test failed

cycler.html is here in mxr:
http://mxr.mozilla.org/seamonkey/source/tools/performance/pageload/cycler.html?raw=1

Several seamonkey boxes are also having issues:
http://tinderbox.mozilla.org/showbuilds.cgi?tree=Mozilla1.8-SeaMonkey&maxdate=1212719731&hours=12

Are these tests broken by the set of changes or has this caught a regression ?
Backed out of branch to see if the orange clears. I'll be watching it over the weekend and will try to reland before Monday.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Keywords: fixed1.8.1.15
Whiteboard: [needs branch patch]
Relanded, all green.
Status: REOPENED → RESOLVED
Last Resolved: 10 years ago9 years ago
Keywords: fixed1.8.1.15
Resolution: --- → FIXED

Comment 14

9 years ago
When can we expect to see this fix in a release version?
Daniel, it's in Firefox 2.0.0.15, which is aimed at the end of June, and has been in Firefox 3.0 since the betas.

Comment 16

9 years ago
(In reply to comment #15)
> Daniel, it's in Firefox 2.0.0.15, which is aimed at the end of June, and has
> been in Firefox 3.0 since the betas.
> 

Thanks.  Looks like it might be a plugin issue on my end instead then.  My bad.

Comment 17

9 years ago
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15pre) Gecko/20080610 BonEcho/2.0.0.15pre

Verified for 1.8.1.15 branch. No error message in console.
Keywords: fixed1.8.1.15 → verified1.8.1.15
You need to log in before you can comment on or make changes to this bug.