[FIX]Notify on text changes before firing mutation events

RESOLVED FIXED in mozilla1.9alpha8

Status

()

Core
DOM
P1
normal
RESOLVED FIXED
10 years ago
10 years ago

People

(Reporter: bz, Assigned: bz)

Tracking

({fixed1.8.0.14, fixed1.8.1.8})

Trunk
mozilla1.9alpha8
fixed1.8.0.14, fixed1.8.1.8
Points:
---
Bug Flags:
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:moderate?] possibly exploitable, [need testcase])

Attachments

(2 attachments)

Created attachment 279064 [details] [diff] [review]
Fix

Like bug 387460 but for text.
Attachment #279064 - Flags: superreview?(jonas)
Attachment #279064 - Flags: review?(jonas)
(Assignee)

Updated

10 years ago
Priority: -- → P1
Summary: Notify on text changes before firing mutation events → [FIX]Notify on text changes before firing mutation events
Target Milestone: --- → mozilla1.9 M8
Attachment #279064 - Flags: superreview?(jonas)
Attachment #279064 - Flags: superreview+
Attachment #279064 - Flags: review?(jonas)
Attachment #279064 - Flags: review+
Comment on attachment 279064 [details] [diff] [review]
Fix

Requesting approvals.  This is a quite safe fix that makes sure we don't send incorrect notifications.
Attachment #279064 - Flags: approval1.9?
Attachment #279064 - Flags: approval1.8.1.7?
Attachment #279064 - Flags: approval1.8.0.14?

Updated

10 years ago
Attachment #279064 - Flags: approval1.9? → approval1.9+
Whiteboard: [sg:moderate?] possibly exploitable
Comment on attachment 279064 [details] [diff] [review]
Fix

approved for 1.8.1.7 and 1.8.0.14, a=dveditz for release-drivers
Attachment #279064 - Flags: approval1.8.1.7?
Attachment #279064 - Flags: approval1.8.1.7+
Attachment #279064 - Flags: approval1.8.0.14?
Attachment #279064 - Flags: approval1.8.0.14+
Fix landed on trunk (per request from Damon). Marking bug FIXED.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Created attachment 280943 [details] [diff] [review]
Branch patch
Fixed on branches.
Flags: in-testsuite?
Keywords: fixed1.8.0.14, fixed1.8.1.8
I tried to come up with a testcase that crashes when using DOMCharacterDataModified on the branch, but I didn't succeed, so I can't verify this.

Updated

10 years ago
Whiteboard: [sg:moderate?] possibly exploitable → [sg:moderate?] possibly exploitable, [need testcase]

Updated

10 years ago
Alias: CVE-2007-5336
Alias: CVE-2007-5336
Group: security
Any further luck on a test case?
You need to log in before you can comment on or make changes to this bug.