Open Bug 419598 Opened 17 years ago Updated 2 years ago

'var Date' and shadows of other builtins not marked with DontDelete

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect

Tracking

()

People

(Reporter: mikeperry.unused, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 According to ECMA-262 pg 62, vars should be marked with the DontDelete attribute, preventing them from being deleted. However, for some reason 'var Date' and other variables that shadow builtin classes or fields can still be deleted. This prevents Torbutton from hooking the Date object in such a way that it can't be recovered to reveal the original timezone. http://fscked.org/transient/firefox/ecma-262-violation.html Reproducible: Always
I've updated the cases at that URL to include XPCNativeWrapper, which actually *is* properly marked with DontDelete when shadowed with var, and window.screen and window.history, which cannot be shadowed with var variables.
Interestingly, the behavior of XPCNativeWrapper changes in FF 3.0. In FF 3.0, a var XPCNativeWrapper doesn't even seem to shadow the builtin. However, a global scope variable does, but is of course deletable.
Status: UNCONFIRMED → NEW
Ever confirmed: true
The Tor Project / Electronic Frontier Foundation is paying to have this bug fixed. "If you know C++ and/or Firefox internals, we should be able to pay you for your time to address these issues and shepherd the relevant patches through Mozilla's review process." Source: https://blog.torproject.org/blog/web-developers-and-firefox-hackers-help-us-firefox-4
Severity: normal → S3

The severity field for this bug is relatively low, S3. However, the bug has 11 votes.
:mossop, could you consider increasing the bug severity?

For more information, please visit auto_nag documentation.

Flags: needinfo?(dtownsend)

The last needinfo from me was triggered in error by recent activity on the bug. I'm clearing the needinfo since this is a very old bug and I don't know if it's still relevant.

Flags: needinfo?(dtownsend)
You need to log in before you can comment on or make changes to this bug.