Closed Bug 466082 Opened 13 years ago Closed 13 years ago

nsMsgCookiePolicy::CanAccess doesn't handle external resource documents correctly


(MailNews Core :: Security, defect)

Not set


(Not tracked)

Thunderbird 3.0b1


(Reporter: bzbarsky, Assigned: bzbarsky)




(1 file, 1 obsolete file)

Or rather, it won't once the patch for bug 457153 lands (right now it does at the cost of other security issues in the core).  Once that patch lands, this code will need to be updated to use nsILoadContext.
I should note that the incorrectness is not allowing cookies for external resource documents loaded from chrome, so its not like it's a huge issue.  ;)
Can we delay landing bug 457153 until after Thunderbird's Beta 1 is cut? (probably about a week).

It'd certainly be nice if we didn't have to try and fix this before beta as well...
I'm not going to land bug 457153 until after Firefox b2 is cut at this point, so that might work.  Note that I was going to post a patch for this bug once it becomes relevant.

I do want to land bug 457153 as soon as I can, so it can get as much testing as possible.
Depends on: 457153
OS: Mac OS X → All
Hardware: PC → All
Well, I was wrong.  Bug 457153 did in fact make b2 (had to, due to extension compat issues).  Patch for this bug coming up.
Attached patch Fix (obsolete) — Splinter Review
Attachment #349784 - Flags: superreview?(dmose)
Attachment #349784 - Flags: review?(dmose)
Attachment #349784 - Attachment is obsolete: true
Attachment #349785 - Flags: superreview?(dmose)
Attachment #349785 - Flags: review?(dmose)
Attachment #349784 - Flags: superreview?(dmose)
Attachment #349784 - Flags: review?(dmose)
So I think this should probably be blocking b1 as it clearly indicates a regression in cookie handling until we fix this.
Flags: blocking-thunderbird3?
Flags: blocking-thunderbird3.0b1?
Whiteboard: [has patch][needs review dmose]
Target Milestone: --- → Thunderbird 3.0b1
Assignee: nobody → bzbarsky
Attachment #349785 - Flags: superreview?(dmose)
Attachment #349785 - Flags: superreview+
Attachment #349785 - Flags: review?(dmose)
Attachment #349785 - Flags: review+
Comment on attachment 349785 [details] [diff] [review]
With the include, too

Looks good; r+sr=dmose.  Thanks for the patch, bz!
Whiteboard: [has patch][needs review dmose] → [has patch][needs checkin]
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: [has patch][needs checkin]
Flags: blocking-thunderbird3?
Flags: blocking-thunderbird3.0b1?
You need to log in before you can comment on or make changes to this bug.