Closed
Bug 411093
Opened 17 years ago
Closed 17 years ago
XPCNativeWrapper pollution using Function constructor
Categories
(Core :: XPConnect, defect, P1)
Core
XPConnect
Tracking
()
RESOLVED
FIXED
People
(Reporter: moz_bug_r_a4, Assigned: mrbkap)
Details
(Keywords: testcase, verified1.8.1.13, Whiteboard: [sg:critical])
Attachments
(1 file)
|
877 bytes,
patch
|
brendan
:
review+
dveditz
:
approval1.8.1.13+
asac
:
approval1.8.0.next?
|
Details | Diff | Splinter Review |
A function that Function constructor creates inherits its scripted caller's
script filename. Thus, it's possible to use Function constructor in the same
way as bug 369211 and bug 387881 to modify XPCNativeWrappers.
|
Reporter | |
Comment 1•17 years ago
|
||
|
||
Updated•17 years ago
|
Assignee: dveditz → nobody
Component: Security → XPConnect
Flags: blocking1.9?
Flags: blocking1.8.1.12?
OS: Windows XP → All
QA Contact: toolkit → xpconnect
Hardware: PC → All
Whiteboard: [sg:critical]
|
||
Updated•17 years ago
|
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.12?
Flags: blocking1.8.1.12+
|
|
||
Updated•17 years ago
|
Assignee: nobody → mrbkap
Priority: -- → P1
|
Assignee | |
Comment 2•17 years ago
|
||
Just like obj_eval... I'd common the three places that we use this, but don't feel it's worth it.
Attachment #296849 -
Flags: review?(brendan)
|
||
Comment 3•17 years ago
|
||
Comment on attachment 296849 [details] [diff] [review]
Fix
Why not common in JS_EvalFramePrincipals, or wrap that with a js_EvalPrincipalsFileAndLine helper?
/be
Attachment #296849 -
Flags: review?(brendan) → review+
|
||
Updated•17 years ago
|
Keywords: checkin-needed
|
|
||
Updated•17 years ago
|
Flags: blocking1.9? → blocking1.9+
|
|
||
Comment 4•17 years ago
|
||
No tested trunk fix, not going to make 1.8.1.12 either. Would like similar bug 411092 dealt with at the same time.
Flags: blocking1.8.1.12+ → blocking1.8.1.13+
|
||
Comment 5•17 years ago
|
||
Fix checked in per discussion with mrbkap. Marking bug FIXED.
Blake, please open a new bug if you change your mind on the need to deal with comment 3.
|
|
||
Updated•17 years ago
|
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
||
Updated•17 years ago
|
Flags: in-testsuite?
|
||
Updated•17 years ago
|
Keywords: checkin-needed
|
||
Comment 6•17 years ago
|
||
Blake, will this patch apply cleanly on branch as well? If so, can you please request approval on it? If not, please attach a branch patch.
|
|
Assignee | |
Comment 7•17 years ago
|
||
Comment on attachment 296849 [details] [diff] [review]
Fix
This applies with some fuzz.
Attachment #296849 -
Flags: approval1.8.1.13?
|
|
||
Comment 8•17 years ago
|
||
Comment on attachment 296849 [details] [diff] [review]
Fix
approved for 1.8.1.13, a=dveditz for release-drivers
Attachment #296849 -
Flags: approval1.8.1.13? → approval1.8.1.13+
|
||
Comment 10•17 years ago
|
||
Verified fix for 1.8 branch with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/2008031114 Firefox/2.0.0.13 and bug verified in 2.0.0.12.
Keywords: fixed1.8.1.13 → verified1.8.1.13
|
||
Comment 11•17 years ago
|
||
attachment 296849 [details] [diff] [review] applies with some fuzz on 1.8.0 branch.
Flags: blocking1.8.0.15+
|
|
||
Updated•17 years ago
|
Attachment #296849 -
Flags: approval1.8.0.15?
|
|
||
Updated•17 years ago
|
Group: security
You need to log in
before you can comment on or make changes to this bug.
Description
•