'var Date' and shadows of other builtins not marked with DontDelete

NEW
Unassigned

Status

()

Firefox
General
10 years ago
6 years ago

People

(Reporter: Mike Perry, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12

According to ECMA-262 pg 62, vars should be marked with the DontDelete attribute, preventing them from being deleted. However, for some reason 'var Date' and other variables that shadow builtin classes or fields can still be deleted.

This prevents Torbutton from hooking the Date object in such a way that it can't be recovered to reveal the original timezone.

http://fscked.org/transient/firefox/ecma-262-violation.html

Reproducible: Always
(Reporter)

Comment 1

10 years ago
I've updated the cases at that URL to include XPCNativeWrapper, which actually *is* properly marked with DontDelete when shadowed with var, and window.screen and window.history, which cannot be shadowed with var variables.
(Reporter)

Comment 2

9 years ago
Interestingly, the behavior of XPCNativeWrapper changes in FF 3.0. In FF 3.0, a var XPCNativeWrapper doesn't even seem to shadow the builtin. However, a global scope variable does, but is of course deletable.
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 3

6 years ago
The Tor Project / Electronic Frontier Foundation is paying to have this bug fixed.

"If you know C++ and/or Firefox internals, we should be able to pay you for your time to address these issues and shepherd the relevant patches through Mozilla's review process."

Source: https://blog.torproject.org/blog/web-developers-and-firefox-hackers-help-us-firefox-4
You need to log in before you can comment on or make changes to this bug.