Closed Bug 394418 Opened 17 years ago Closed 17 years ago

[FIX]Notify on text changes before firing mutation events

Categories

(Core :: DOM: Core & HTML, defect, P1)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9alpha8

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Details

(Keywords: fixed1.8.0.14, fixed1.8.1.8, Whiteboard: [sg:moderate?] possibly exploitable, [need testcase])

Attachments

(2 files)

Fix
1.46 KB, patch
sicking
: review+
sicking
: superreview+
dveditz
: approval1.8.1.8+
dveditz
: approval1.8.0.14+
jst
: approval1.9+
Details | Diff | Splinter Review
Branch patch
8.44 KB, patch
Details | Diff | Splinter Review
Attached patch FixSplinter Review 
Like bug 387460 but for text.
Attachment #279064 - Flags: superreview?(jonas)
Attachment #279064 - Flags: review?(jonas)
Priority: -- → P1
Summary: Notify on text changes before firing mutation events → [FIX]Notify on text changes before firing mutation events
Target Milestone: --- → mozilla1.9 M8
Attachment #279064 - Flags: superreview?(jonas)
Attachment #279064 - Flags: superreview+
Attachment #279064 - Flags: review?(jonas)
Attachment #279064 - Flags: review+
Comment on attachment 279064 [details] [diff] [review]
Fix

Requesting approvals.  This is a quite safe fix that makes sure we don't send incorrect notifications.
Attachment #279064 - Flags: approval1.9?
Attachment #279064 - Flags: approval1.8.1.7?
Attachment #279064 - Flags: approval1.8.0.14?
Attachment #279064 - Flags: approval1.9? → approval1.9+
Whiteboard: [sg:moderate?] possibly exploitable
Comment on attachment 279064 [details] [diff] [review]
Fix

approved for 1.8.1.7 and 1.8.0.14, a=dveditz for release-drivers
Attachment #279064 - Flags: approval1.8.1.7?
Attachment #279064 - Flags: approval1.8.1.7+
Attachment #279064 - Flags: approval1.8.0.14?
Attachment #279064 - Flags: approval1.8.0.14+
Fix landed on trunk (per request from Damon). Marking bug FIXED.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Attached patch Branch patchSplinter Review 

    
    

    
  
Fixed on branches.
Flags: in-testsuite?
Keywords: fixed1.8.0.14, 
          
            fixed1.8.1.8

    
    

    
  
I tried to come up with a testcase that crashes when using DOMCharacterDataModified on the branch, but I didn't succeed, so I can't verify this.
Whiteboard: [sg:moderate?] possibly exploitable → [sg:moderate?] possibly exploitable, [need testcase]

    
  
Alias: CVE-2007-5336
Alias: CVE-2007-5336
Group: security

    
    

    
  
Any further luck on a test case?
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: