Bug 390983 (CVE-2007-5335): addMicrosummaryGenerator sidebar method can install from file URIs in content
Status: Closed, RESOLVED FIXED (opened 18 years ago, closed 17 years ago)
Categories: Firefox Graveyard :: Microsummaries, defect
Tracking: Not tracked
People: Reporter: rflint, Assigned: rflint
References: none
Keywords: verified1.8.1.8; Whiteboard: [sg:low], [need testcase]
Attachments (1 file, 1 obsolete file): patch, 1.03 KB; myk: review+; dveditz: approval1.8.1.8+
From what I can tell, this only opens up another way to get at bug 267645 (making the XHR throw an OOM from loading large files), which can be done through easier paths than this. Filing in sg just because it's late and I may have missed something other than that; if not, we should at least close this up to maintain consistency with content policies/other sidebar methods.
I'll fix this on trunk as part of bug 370242.
Attachment #275304 - Flags: review?(myk)
Comment 1 • 18 years ago
Comment on attachment 275304 [details] [diff] [review]
1.8 patch
>+ if (!/^https?:\/\//i.test(generatorURL))
>+ return;
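Review bot: the early `return` silently drops a non-http(s) generatorURL, so the calling content script gets no indication that the request was rejected; if the other sidebar methods report a rejection to the caller, matching that here keeps the API consistent. The pattern is also stricter than the `/^(https?:|ftp:)/i` form used by addPanel and addSearchEngine in the same file, since it requires `//` after the scheme, so the two checks should be aligned one way or the other.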
Good catch! The only issue here is that addPanel and addSearchEngine both allow FTP and don't check for the double slash after the colon, i.e.:
if (!/^(https?:|ftp:)/i.test(url)) {
Seems like we should do the same here.
Attachment #275304 - Flags: review?(myk) → review-
Comment 2 • 18 years ago
Comment on attachment 275304 [details] [diff] [review]
1.8 patch
Hrm, Ryan points out that the microsummary service doesn't support FTP yet, so this is actually good as is. r=myk
Attachment #275304 - Flags: review- → review+
Comment 3 • 18 years ago (Assignee)
Pulls out the double slash to match up with the majority of similar checks in the file.
Attachment #275304 - Attachment is obsolete: true
Attachment #275715 - Flags: approval1.8.1.7?
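The scheme check discussed in comments 1 and 3, as an added example in plain JavaScript (not code from nsSidebar.js or from either patch); the three regular expressions are the ones quoted in this thread, while the sample URLs and the function names are constructed for illustration:

```javascript
// Added example; not code from nsSidebar.js. Models the check the patch adds
// to a sidebar method that content can call with an arbitrary URL string.

// Three scheme filters that appear in the bug discussion.
const V1_CHECK = /^https?:\/\//i;        // first patch: requires "//" after the scheme
const V2_CHECK = /^https?:/i;            // v2 patch: double slash removed (comment 3)
const PANEL_CHECK = /^(https?:|ftp:)/i;  // pattern addPanel/addSearchEngine use (comment 1)

// Constructed inputs a content page might pass to addMicrosummaryGenerator.
const SAMPLE_URLS = [
  "http://example.com/generator.xml",
  "HTTPS://example.com/generator.xml",   // scheme match is case-insensitive
  "http:example.com/generator.xml",      // no "//": only the v1 pattern rejects it
  "ftp://example.com/generator.xml",     // only the addPanel-style pattern admits it
  "file:///C:/Windows/system.ini",       // the local-file case this bug closes
  "FILE:///etc/hosts",
  "javascript:void 0",
  " http://example.com/generator.xml",   // leading space fails the ^ anchor: fail-closed
];

// Unchecked behaviour (pre-fix): whatever content passes is handed on.
function installGeneratorUnchecked(generatorURL) {
  return { installed: true, url: generatorURL };
}

// Checked behaviour, mirroring the patch: non-http(s) URLs are dropped with
// an early return rather than an error, so the caller observes no change.
function installGeneratorChecked(generatorURL) {
  if (!V2_CHECK.test(generatorURL))
    return { installed: false, url: generatorURL };
  return { installed: true, url: generatorURL };
}

// Which of the sample URLs a given pattern lets through.
function allowedBy(pattern) {
  return SAMPLE_URLS.filter((url) => pattern.test(url));
}
```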
Comment 4 • 18 years ago
Comment on attachment 275715 [details] [diff] [review]
1.8 patch v2
Looks good, r=myk
Attachment #275715 - Flags: review+
Updated • 17 years ago
Severity: trivial → minor
Flags: wanted1.8.1.x+
Whiteboard: [sg:low]
Comment 5 • 17 years ago
Comment on attachment 275715 [details] [diff] [review]
1.8 patch v2
approved for 1.8.1.7, a=dveditz for release-drivers
Attachment #275715 - Flags: approval1.8.1.7? → approval1.8.1.7+
Comment 6 • 17 years ago (Assignee)
mozilla/browser/components/sidebar/src/nsSidebar.js 1.10.8.13
Comment 7 • 17 years ago
Ryan, can you help us verify this fix in FF 2008rc2?
Whiteboard: [sg:low] → [sg:low], [need testcase]
Comment 8 • 17 years ago (Assignee)
(In reply to comment #7)
> Ryan, can you help us verify this fix in FF 2008rc2?
Testcase is in the URL field - builds < 2.0.0.8 on Windows should open up a dialog to add a microsummary generator and 2.0.0.8 builds should do nothing. I can verify that that is indeed the case in the latest 2.0.0.8 nightly.
Updated • 17 years ago
Alias: CVE-2007-5335
Comment 9 • 17 years ago
verified in 2.0.0.8rc2
Group: security
Keywords: fixed1.8.1.8 → verified1.8.1.8
Updated • 9 years ago
Product: Firefox → Firefox Graveyard