Closed Bug 390788 Opened 13 years ago Closed 13 years ago

Accessing innerWidth of a tabbrowser contentWindow throws NS_ERROR_XPC_SECURITY_MANAGER_VETO


(Core :: XPConnect, defect)

Windows XP
Not set





(Reporter: mcsmurf, Assigned: mrbkap)



(Keywords: regression, verified1.8.1.15)


(1 file)

Accessing innerWidth of a tabbrowser contentWindow throws NS_ERROR_XPC_SECURITY_MANAGER_VETO

To reproduce:
0. Fetch a Firefox(!) trunk build
1. Switch signed.applets.codebase_principal_support to true so that a webpage from content can request privs
2. Open any website in the first tab and in any other tab, make sure you trust the code from that testcase (it's a drawWindow canvas testcase)
3. Click on Draw to get a preview of the page in tab 1 in the canvas below
4. Observe that you get no preview but instead a error in the Error Console:

Error: uncaught exception: [Exception... "Security Manager vetoed action"  nsresult: "0x80570027 (NS_ERROR_XPC_SECURITY_MANAGER_VETO)"  location: "JS frame :: :: doFrob :: line 26"  data: no]

Line 26 is a empty line, but by adding some line breaks I found out that it actually seems to mean line 27.

This regressed between 2007-07-05-04 and 2007-07-06-04. Bonsai link:

This points to Bug 384750, but I'm not sure because that's a security bug. It looks like DOMi had a similar problem, see Bug 387053, but that patch was backed out again as Bug 387084 was fixed. So is this now a real bug or a bug in the testcase?
Blake: Can you comment on this bug if it is a valid bug? I'm not sure if it is...
Attached patch FixSplinter Review
Given other bugs, I'm rapidly losing faith in EnsureLegalActivity, but this patch will make it deal for now.
Assignee: nobody → mrbkap
Attachment #275200 - Flags: superreview?(bzbarsky)
Attachment #275200 - Flags: review?(bzbarsky)
Comment on attachment 275200 [details] [diff] [review]

OK, I buy this.
Attachment #275200 - Attachment is private: true
Attachment #275200 - Flags: superreview?(bzbarsky)
Attachment #275200 - Flags: superreview+
Attachment #275200 - Flags: review?(bzbarsky)
Attachment #275200 - Flags: review+
Attachment #275200 - Attachment is private: false
Attachment #275200 - Flags: approval1.9?
Attachment #275200 - Flags: approval1.9? → approval1.9+
Fix checked into trunk.
Closed: 13 years ago
Resolution: --- → FIXED
Don't we need this on branch too?  This breaks code using <xul:iframe> (e.g. in signed script).  See the thread at
Blocks: 384750
Flags: blocking1.8.1.15?
Keywords: regression
And this could really use an automated testcase.  Should be simple to mochitest, no?
Flags: in-testsuite?
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.15?
Flags: blocking1.8.1.15+
Duplicate of this bug: 425232
Whiteboard: [needs branch patch]
Comment on attachment 275200 [details] [diff] [review]

This patch applies to the branch as well, and fixes the bug there too.
Attachment #275200 - Flags: approval1.8.0.15?
Attachment #275200 - Flags: approval1.8.0.15? → approval1.8.1.15?
Comment on attachment 275200 [details] [diff] [review]

Approved for, a=dveditz for release-drivers
Attachment #275200 - Flags: approval1.8.1.15? → approval1.8.1.15+
Fix landed on the branch.
Keywords: fixed1.8.1.15
The mac tinderbox started burning after this bug and bug 418996 and bug 424426 landed on the branch (bm-xserve05). It's failing the Tp2 test:

Running LayoutPerformanceLocalTest test ...
Timeout = 180 seconds.
Begin: Thu Jun  5 18:08:31 2008
cmd = /builds/tinderbox/Fx-Mozilla1.8-Nightly/Darwin_8.7.0_Depend/mozilla/../build/unifox/dist/ http://localhost/pageload/cycler.html
Process killed. Took 2 seconds to die.
End:   Thu Jun  5 18:11:32 2008
----------- Output from LayoutPerformanceLocalTest ------------- 
----------- End Output from LayoutPerformanceLocalTest --------- 
LayoutPerformanceLocalTest: firefox-bin successfully stayed up for 180 seconds.
LayoutPerformanceLocalTest: test failed

cycler.html is here in mxr:

Several seamonkey boxes are also having issues:

Are these tests broken by the set of changes or has this caught a regression ?
Backed out of branch to see if the orange clears. I'll be watching it over the weekend and will try to reland before Monday.
Resolution: FIXED → ---
Whiteboard: [needs branch patch]
Relanded, all green.
Closed: 13 years ago13 years ago
Keywords: fixed1.8.1.15
Resolution: --- → FIXED
When can we expect to see this fix in a release version?
Daniel, it's in Firefox, which is aimed at the end of June, and has been in Firefox 3.0 since the betas.
(In reply to comment #15)
> Daniel, it's in Firefox, which is aimed at the end of June, and has
> been in Firefox 3.0 since the betas.

Thanks.  Looks like it might be a plugin issue on my end instead then.  My bad.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20080610 BonEcho/

Verified for branch. No error message in console.
You need to log in before you can comment on or make changes to this bug.