Last Comment Bug 419598 - 'var Date' and shadows of other builtins not marked with DontDelete
: 'var Date' and shadows of other builtins not marked with DontDelete
Status: NEW
:
Product: Firefox
Classification: Client Software
Component: General (show other bugs)
: unspecified
: x86 Windows XP
: -- normal with 11 votes (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
:
Mentors:
http://fscked.org/transient/firefox/e...
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-26 02:16 PST by Mike Perry
Modified: 2011-08-12 23:52 PDT (History)
4 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Mike Perry 2008-02-26 02:16:18 PST
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12

According to ECMA-262 pg 62, vars should be marked with the DontDelete attribute, preventing them from being deleted. However, for some reason 'var Date' and other variables that shadow builtin classes or fields can still be deleted.

This prevents Torbutton from hooking the Date object in such a way that it can't be recovered to reveal the original timezone.

http://fscked.org/transient/firefox/ecma-262-violation.html

Reproducible: Always
Comment 1 Mike Perry 2008-02-27 00:58:14 PST
I've updated the cases at that URL to include XPCNativeWrapper, which actually *is* properly marked with DontDelete when shadowed with var, and window.screen and window.history, which cannot be shadowed with var variables.
Comment 2 Mike Perry 2008-03-02 20:07:42 PST
Interestingly, the behavior of XPCNativeWrapper changes in FF 3.0. In FF 3.0, a var XPCNativeWrapper doesn't even seem to shadow the builtin. However, a global scope variable does, but is of course deletable.
Comment 3 shawn.sumin 2011-03-31 15:48:38 PDT
The Tor Project / Electronic Frontier Foundation is paying to have this bug fixed.

"If you know C++ and/or Firefox internals, we should be able to pay you for your time to address these issues and shepherd the relevant patches through Mozilla's review process."

Source: https://blog.torproject.org/blog/web-developers-and-firefox-hackers-help-us-firefox-4

Note You need to log in before you can comment on or make changes to this bug.