Closed Bug 390983 (CVE-2007-5335) Opened 17 years ago Closed 17 years ago

addMicrosummaryGenerator sidebar method can install from file URIs in content

Categories

(Firefox Graveyard :: Microsummaries, defect)

Product:
Firefox Graveyard
Component:
Microsummaries
Version:
2.0 Branch
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: rflint, Assigned: rflint)

References

(
URL
)

Details

(Keywords: verified1.8.1.8, Whiteboard: [sg:low], [need testcase])

Attachments

(1 file, 1 obsolete file)

1.8 patch v2
1.03 KB, patch
myk
: review+
dveditz
: approval1.8.1.8+
Details | Diff | Splinter Review
Attached patch 1.8 patch (obsolete) — Splinter Review 
From what I can tell, this only opens up another way to get at bug 267645 (making the XHR throw an OOM from loading large files), which can be done through easier paths than this. Filing in sg just because it's late and I may have missed something other than that - if not we should at least close this up to maintain consistency with content policies/other sidebar methods.

I'll fix this on trunk as part of bug 370242.
Attachment #275304 - Flags: review?(myk)
Comment on attachment 275304 [details] [diff] [review]
1.8 patch

>+    if (!/^https?:\/\//i.test(generatorURL))
>+      return;

Good catch!  The only issue here is that addPanel and addSearchEngine both allow FTP and don't check for the double slash after the colon, i.e.:

    if (!/^(https?:|ftp:)/i.test(url)) {

Seems like we should do the same here.
Attachment #275304 - Flags: review?(myk) → review-
Comment on attachment 275304 [details] [diff] [review]
1.8 patch

Hrm, ryan points out that the microsummary service doesn't support FTP yet, so this is actually good as is. r=myk
Attachment #275304 - Flags: review- → review+
Attached patch 1.8 patch v2Splinter Review 
Pulls out the double slash to match up with the majority of similar checks in the file.
Attachment #275304 - Attachment is obsolete: true
Attachment #275715 - Flags: approval1.8.1.7?
Comment on attachment 275715 [details] [diff] [review]
1.8 patch v2

Looks good, r=myk
Attachment #275715 - Flags: review+
Severity: trivial → minor
Flags: wanted1.8.1.x+
Whiteboard: [sg:low]
Comment on attachment 275715 [details] [diff] [review]
1.8 patch v2

approved for 1.8.1.7, a=dveditz for release-drivers
Attachment #275715 - Flags: approval1.8.1.7? → approval1.8.1.7+
mozilla/browser/components/sidebar/src/nsSidebar.js 1.10.8.13
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Keywords: fixed1.8.1.7
Resolution: --- → FIXED
Ryan, can you help us verify this fix in FF 2008rc2?
Whiteboard: [sg:low] → [sg:low], [need testcase]
(In reply to comment #7)
> Ryan, can you help us verify this fix in FF 2008rc2? 
> 

Testcase is in the URL field - builds < 2.0.0.8 on windows should open up a dialog to add a microsummary generator and 2.0.0.8 builds should do nothing. I can verify that that is indeed the case in the latest 2.0.0.8 nightly.
Alias: CVE-2007-5335
verified in 2.0.0.8rc2
Group: security
Keywords: fixed1.8.1.8verified1.8.1.8
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: