From bug 344751 comment 40
* When Firebug evaluates a command line code, content can access __scope__.api
and abuse it.
By the way, there is a regression: the command line stuff no longer works,
since it tries to access a privileged object via SJOW in a sandbox and fails.
(But, an exploit code can work even with this regression.)
Don't know what the right fix here is
Forgot to add, there's a demo in attachment 307992 [details]
The command line relies on evalInSandbox and doesn't work well anyway. I want to ditch it. But that requires solving 423796.
Fixed when 421593 is complete, need to test the exploit.
We want FB 1.x to work with FF3 - so marking this as blocking so we resolve one way or the other.
Taking this off the FF blocker list since the fix will be in FireBug.
This bug no longer occurs in 1.9: John J Barton: can the command-line changes you made for firebug1.2 be backported to 1.1, or not?
could be, but probably won't be. If firebug 1.2 moves to beta quickly we don't need 1.1; if it doesn't we won't have resources for 1.1. If it turns out that 1.2 will not work on FF2, we'll look at 1.1 for FF2.
In FF3 + Firebug 1.2b4, no alert appears.
Firebug 1.2 works fine in FF2. I don't anticipate further work on Firebug 1.1.
I apologize for assigning this bug to myself. I don't know what will happen if I change the assignment value. Would someone who understands the assignment issues please change it? Thanks.
As with bug 423796, I think you *should* be the owner, John. Is there a reason you think you should not?
John: Is the latest version of firebug still exploitable to this? It sounds like "no".
I verified that the test from comment 1 passes (no stack printed) again in Firebug 1.4a4+Firefox 3.0.4. "no"
What about Firebug 1.2.1 (which seems to be "the latest" the average user could get ahold of) in Firefox 2 (since Firefox 2 was the original target)?
Seems like this was resolved a long time ago, can we open this bug up and resolve it?
Asked Dave Camp about this on irc, he agrees about closing this out and opening it up.