CacheStoragePermissions() broken for session/localStorage

RESOLVED FIXED

Status

()

Core
DOM
--
major
RESOLVED FIXED
9 years ago
5 years ago

People

(Reporter: mayhemer, Assigned: mayhemer)

Tracking

({fixed1.9.1})

1.9.1 Branch
fixed1.9.1
Points:
---
Bug Flags:
blocking1.9.1 -

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

9 years ago
CacheStoragePermissions calls CanAccess of the storage as a security check. I have just found out that nsDOMStorage2 (sessionStorage and localStorage implementation) calls an old nsDOMStorage::CanAccess that only checks domain and NOT the whole principal.

We have to change CacheStoragePermissions to call the correct method somehow, nsDOMStorage2 is wrapping nsDOMStorage.
Flags: blocking1.9.1?
How does this bug relate to bug 494810 and bug 494799, if at all?
Doesn't block, would take patch with tests.
Flags: wanted1.9.1.x?
Flags: blocking1.9.1?
Flags: blocking1.9.1-
This got fixed for 1.9.1 by the fix for bug 495112.
Keywords: fixed1.9.1

Updated

9 years ago
Blocks: 495337
Fixed on trunk by the fix for bug 495112. Bug 495337 filed as a followup.

http://hg.mozilla.org/mozilla-central/rev/363750f510ec
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
Flags: wanted1.9.1.x?
Group: core-security
You need to log in before you can comment on or make changes to this bug.