Open
Bug 419598
Opened 16 years ago
Updated 2 years ago
'var Date' and shadows of other builtins not marked with DontDelete
Categories
(Firefox :: General, defect)
Tracking
()
NEW
People
(Reporter: mikeperry.unused, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 According to ECMA-262 pg 62, vars should be marked with the DontDelete attribute, preventing them from being deleted. However, for some reason 'var Date' and other variables that shadow builtin classes or fields can still be deleted. This prevents Torbutton from hooking the Date object in such a way that it can't be recovered to reveal the original timezone. http://fscked.org/transient/firefox/ecma-262-violation.html Reproducible: Always
|
Reporter | |
Comment 1•16 years ago
|
||
I've updated the cases at that URL to include XPCNativeWrapper, which actually *is* properly marked with DontDelete when shadowed with var, and window.screen and window.history, which cannot be shadowed with var variables.
|
|
Reporter | |
Comment 2•16 years ago
|
||
Interestingly, the behavior of XPCNativeWrapper changes in FF 3.0. In FF 3.0, a var XPCNativeWrapper doesn't even seem to shadow the builtin. However, a global scope variable does, but is of course deletable.
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 3•13 years ago
|
||
The Tor Project / Electronic Frontier Foundation is paying to have this bug fixed. "If you know C++ and/or Firefox internals, we should be able to pay you for your time to address these issues and shepherd the relevant patches through Mozilla's review process." Source: https://blog.torproject.org/blog/web-developers-and-firefox-hackers-help-us-firefox-4
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Comment 4•2 years ago
|
||
The severity field for this bug is relatively low, S3. However, the bug has 11 votes.
:mossop, could you consider increasing the bug severity?
For more information, please visit auto_nag documentation.
Flags: needinfo?(dtownsend)
|
||
Comment 5•2 years ago
|
||
The last needinfo from me was triggered in error by recent activity on the bug. I'm clearing the needinfo since this is a very old bug and I don't know if it's still relevant.
Flags: needinfo?(dtownsend)
You need to log in
before you can comment on or make changes to this bug.
Description
•