Closed
Bug 48319
Opened 24 years ago
Closed 24 years ago
Reading signed JAR URLs w/o Cartman fails
Categories
(Core :: Security, defect, P3)
Tracking
()
VERIFIED
FIXED
Future
People
(Reporter: security-bugs, Assigned: security-bugs)
References
()
Details
(Whiteboard: [nsbeta3-])
Pages loaded form signed JAR URLs fail to load if PSM is not installed. THis should not be the case; obviously we can't verify the signature w/o PSM, but the page should load. A failure in initializing PSMComponent should not halt the page load.
Assignee | ||
Comment 1•24 years ago
|
||
This could create a problem when chrome gets JAR'd. If we ever sign it, it won't be readable if PSM is not installed. Easy to fix. Nominating nsbeta3.
Status: NEW → ASSIGNED
Keywords: nsbeta3
Comment 2•24 years ago
|
||
Won't PSM always be installed? That's a workaround. And, why would you want to load it if you can't verify it? Is the user given a notification?
Whiteboard: [nsbeta3-]
Assignee | ||
Comment 3•24 years ago
|
||
It's possible you might want to read a file from a jar and you don't care about the signature because you don't intend to run any scripts. In general, PSM should not be a requirement for things like this if the user doesn't care about cryptographic features. That said, NS6 will have PSM by default, so I'm marking this Future. If it turns out that this breaks jarred chrome, we may have to up the priority.
Target Milestone: --- → Future
Assignee | ||
Comment 4•24 years ago
|
||
My proposed fix for 24765 fixes this (making signature verification lazy).
Depends on: 24765
Assignee | ||
Comment 5•24 years ago
|
||
Integrating jarChannel with the file cache (bug 24765) has eliminated this problem. marking Fixed.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•