Closed
Bug 466082
Opened 17 years ago
Closed 17 years ago
nsMsgCookiePolicy::CanAccess doesn't handle external resource documents correctly
Categories
(MailNews Core :: Security, defect)
MailNews Core
Security
Tracking
(Not tracked)
RESOLVED
FIXED
Thunderbird 3.0b1
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
Details
Attachments
(1 file, 1 obsolete file)
|
2.43 KB,
patch
|
dmosedale
:
review+
dmosedale
:
superreview+
|
Details | Diff | Splinter Review |
Or rather, it won't once the patch for bug 457153 lands (right now it does at the cost of other security issues in the core). Once that patch lands, this code will need to be updated to use nsILoadContext.
|
Assignee | |
Comment 1•17 years ago
|
||
I should note that the incorrectness is not allowing cookies for external resource documents loaded from chrome, so its not like it's a huge issue. ;)
|
||
Comment 2•17 years ago
|
||
Can we delay landing bug 457153 until after Thunderbird's Beta 1 is cut? (probably about a week).
It'd certainly be nice if we didn't have to try and fix this before beta as well...
|
|
Assignee | |
Comment 3•17 years ago
|
||
I'm not going to land bug 457153 until after Firefox b2 is cut at this point, so that might work. Note that I was going to post a patch for this bug once it becomes relevant.
I do want to land bug 457153 as soon as I can, so it can get as much testing as possible.
|
||
Updated•17 years ago
|
OS: Mac OS X → All
Hardware: PC → All
|
|
Assignee | |
Comment 4•17 years ago
|
||
Well, I was wrong. Bug 457153 did in fact make b2 (had to, due to extension compat issues). Patch for this bug coming up.
|
|
Assignee | |
Comment 5•17 years ago
|
||
Attachment #349784 -
Flags: superreview?(dmose)
Attachment #349784 -
Flags: review?(dmose)
|
|
Assignee | |
Comment 6•17 years ago
|
||
Attachment #349784 -
Attachment is obsolete: true
Attachment #349785 -
Flags: superreview?(dmose)
Attachment #349785 -
Flags: review?(dmose)
Attachment #349784 -
Flags: superreview?(dmose)
Attachment #349784 -
Flags: review?(dmose)
|
|
||
Comment 7•17 years ago
|
||
So I think this should probably be blocking b1 as it clearly indicates a regression in cookie handling until we fix this.
Flags: blocking-thunderbird3?
Flags: blocking-thunderbird3.0b1?
Whiteboard: [has patch][needs review dmose]
Target Milestone: --- → Thunderbird 3.0b1
|
|
||
Updated•17 years ago
|
Assignee: nobody → bzbarsky
|
||
Updated•17 years ago
|
Attachment #349785 -
Flags: superreview?(dmose)
Attachment #349785 -
Flags: superreview+
Attachment #349785 -
Flags: review?(dmose)
Attachment #349785 -
Flags: review+
|
|
||
Comment 8•17 years ago
|
||
Comment on attachment 349785 [details] [diff] [review]
With the include, too
Looks good; r+sr=dmose. Thanks for the patch, bz!
|
|
||
Updated•17 years ago
|
Whiteboard: [has patch][needs review dmose] → [has patch][needs checkin]
|
|
Assignee | |
Comment 9•17 years ago
|
||
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Whiteboard: [has patch][needs checkin]
|
|
||
Updated•17 years ago
|
Flags: blocking-thunderbird3?
Flags: blocking-thunderbird3.0b1?
You need to log in
before you can comment on or make changes to this bug.
Description
•