Closed Bug 394418 Opened 13 years ago Closed 13 years ago

[FIX]Notify on text changes before firing mutation events

Categories

(Core :: DOM: Core & HTML, defect, P1)

RESOLVED FIXED
mozilla1.9alpha8

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Details

(Keywords: fixed1.8.0.14, fixed1.8.1.8, Whiteboard: [sg:moderate?] possibly exploitable, [need testcase])

Attachments

(2 files)

Attached patch: Fix
Like bug 387460 but for text.
Attachment #279064 - Flags: superreview?(jonas)
Attachment #279064 - Flags: review?(jonas)
Priority: -- → P1
Summary: Notify on text changes before firing mutation events → [FIX]Notify on text changes before firing mutation events
Target Milestone: --- → mozilla1.9 M8
Attachment #279064 - Flags: superreview?(jonas)
Attachment #279064 - Flags: superreview+
Attachment #279064 - Flags: review?(jonas)
Attachment #279064 - Flags: review+
Comment on attachment 279064
Fix

Requesting approvals.  This is a quite safe fix that makes sure we don't send incorrect notifications.
Attachment #279064 - Flags: approval1.9?
Attachment #279064 - Flags: approval1.8.1.7?
Attachment #279064 - Flags: approval1.8.0.14?
Attachment #279064 - Flags: approval1.9? → approval1.9+
Whiteboard: [sg:moderate?] possibly exploitable
Comment on attachment 279064
Fix

approved for 1.8.1.7 and 1.8.0.14, a=dveditz for release-drivers
Attachment #279064 - Flags: approval1.8.1.7?
Attachment #279064 - Flags: approval1.8.1.7+
Attachment #279064 - Flags: approval1.8.0.14?
Attachment #279064 - Flags: approval1.8.0.14+
Fix landed on trunk (per request from Damon). Marking bug FIXED.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Attached patch: Branch patch
Fixed on branches.
Flags: in-testsuite?
I tried to come up with a testcase that crashes when using DOMCharacterDataModified on the branch, but I didn't succeed, so I can't verify this.
Whiteboard: [sg:moderate?] possibly exploitable → [sg:moderate?] possibly exploitable, [need testcase]
Alias: CVE-2007-5336
Alias: CVE-2007-5336
Group: security
Any further luck on a test case?
Component: DOM → DOM: Core & HTML