Closed Bug 479288 Opened 11 years ago Closed 11 years ago

Lack of XOW

Categories

(Core :: XPConnect, defect, P2)

x86
Windows XP
defect

Tracking

()

RESOLVED FIXED
mozilla1.9.1

People

(Reporter: moz_bug_r_a4, Assigned: mrbkap)

References

Details

(Keywords: fixed1.9.0.12, fixed1.9.1, regression, Whiteboard: [sg:high] regression from security fix 460882)

Attachments

(1 file, 1 obsolete file)

This seems to be a regression from bug 460882.

When accessing a window by using __parent__ property or valueOf.call(), the
window is not wrapped in XOW.

Sorry if this is a duplicate of bug 478910 or bug 479211.
Assignee: nobody → bent.mozilla
This is mine, really. I'm sure bent won't mind me stealing it.
Assignee: bent.mozilla → mrbkap
Blocks: 460882
Flags: wanted1.9.0.x+
Flags: blocking1.9.1?
Flags: blocking1.9.0.8+
Keywords: regression
sg:high at least, sg:critical if there's a way into a privileged about: page or similar.
Whiteboard: [sg:high]
Attached patch Proposed fix (obsolete) — Splinter Review
This should fix it. It still needs a run against Dromaeo to ensure I'm not actually slowing anything down.
Attachment #363204 - Flags: review?(bent.mozilla)
Bent convinced me that the thisObject hook was the way to go and that we should call OBJ_TO_OUTER_OBJECT from the thisObject hook in XPConnect.
Attachment #363204 - Attachment is obsolete: true
Attachment #363217 - Flags: review?(bent.mozilla)
Attachment #363204 - Flags: review?(bent.mozilla)
Comment on attachment 363217 [details] [diff] [review]
Updated to bent's comments

Looks great! No significant differences on dromaeo.
Attachment #363217 - Flags: review?(bent.mozilla) → review+
Attachment #363217 - Flags: superreview?(jst)
Taking off the 1.9.0.8 blocking list until we've got a handle on all the remaining regressions of bug 460882.
Flags: blocking1.9.0.8+
Attachment #363217 - Flags: superreview?(jst) → superreview+
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P2
Target Milestone: --- → mozilla1.9.1
Whiteboard: [sg:high] → [sg:high] needs landing
http://hg.mozilla.org/mozilla-central/rev/839f915de914
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: [sg:high] needs landing → [sg:high]
Duplicate of this bug: 479924
Whiteboard: [sg:high] → [sg:high] regression from security fix 460882
Flags: blocking1.9.0.12?
Flags: blocking1.9.0.12? → blocking1.9.0.12+
Does this bug actually apply to 1.9.0? I don't see a checkin for CVS above for 1.9.0 and testing with the testcase with 1.9.0.11, the bug doesn't reproduce.
Al, this is the same as bug 481434 in that it won't affect 1.9.0.11, but the patch was needed when we landed bug 460882 on the 1.9.0 branch to avoid introducing this regression there.
Group: core-security
You need to log in before you can comment on or make changes to this bug.