Closed
Bug 444077
Opened 15 years ago
Closed 15 years ago
XPCNativeWrapper pollution using chrome JS
Categories
(Core :: XPConnect, defect)
RESOLVED
FIXED
People
(Reporter: moz_bug_r_a4, Assigned: mrbkap)
Details
(Keywords: fixed1.9.1, verified1.8.1.17, verified1.9.0.2, Whiteboard: [sg:critical] fixed by 441087)
It's possible to modify an implicit XPCNativeWrapper within a function loaded from chrome: url without using eval-like methods or __defineGetter__. (See also the second paragraph of bug 387390 comment #21.)
Updated•15 years ago
Component: Security → XPConnect
QA Contact: toolkit → xpconnect
Comment 2•15 years ago
Blake: welcome back! ;-)
Assignee: nobody → mrbkap
Flags: wanted1.8.1.x+
Flags: blocking1.9.1?
Flags: blocking1.9.0.2?
Flags: blocking1.8.1.17+
Whiteboard: [sg:critical]
Updated•15 years ago
Flags: blocking1.9.0.2? → blocking1.9.0.2+
Assignee
Comment 3•15 years ago
The patch in bug 441087 fixes this.
Updated•15 years ago
Whiteboard: [sg:critical] → [sg:critical] fixed by 441087
Comment 4•15 years ago
Fixed by bug 441087.
Reporter
Comment 6•15 years ago
This bug is not fixed on fx-2.0.0.17pre-2008-08-26-03. See also bug 441087 comment #29.
Updated•15 years ago
Keywords: fixed1.8.1.17
Comment 8•15 years ago
I can reproduce at will using the testcase in comment 1 using Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16, but not using 2.0.0.17 (Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17). Verified FIXED; replacing fixed1.8.1.17 with verified1.8.1.17.
Keywords: fixed1.8.1.17 → verified1.8.1.17
Comment 9•15 years ago
Verified for 1.9.0.2 with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.2) Gecko/2008090212 Firefox/3.0.2.
Keywords: fixed1.9.0.2 → verified1.9.0.2
Updated•15 years ago
Group: core-security
Updated•14 years ago
Flags: blocking1.8.0.next+
Comment 10•14 years ago
Landed before branching
Flags: blocking1.9.1? → blocking1.9.1+
Keywords: fixed1.9.1