Bug 536480 - Innerize windows when passing to C++ from JS
Whiteboard: [sg:nse mitigation?]
Product: Core
Classification: Components
Component: XPConnect
Version: Trunk
Platform: x86 Linux
Importance: -- normal
Target Milestone: ---
Assigned To: Nobody; OK to take it and work on it
Duplicates: 535688
Reported: 2009-12-22 16:18 PST by Blake Kaplan (:mrbkap) (please use needinfo!)
Modified: 2012-03-06 01:05 PST

wip (6.98 KB, patch)
2009-12-22 16:29 PST, Blake Kaplan (:mrbkap) (please use needinfo!)

Description Blake Kaplan (:mrbkap) (please use needinfo!) 2009-12-22 16:18:48 PST
In order to mitigate bug 531364 type attacks, we should innerize windows when passing them to C++. If it turns out that the operation should happen on the outer window, then there will be a FORWARD_TO_OUTER in the relevant function.

Filing as security sensitive for now, but we might be able to open this up.
Comment 1 Blake Kaplan (:mrbkap) (please use needinfo!) 2009-12-22 16:29:52 PST
Created attachment 418935

This is peterv's wip from bug 531364 merged to trunk.
Comment 2 Blake Kaplan (:mrbkap) (please use needinfo!) 2010-01-04 22:45:59 PST
*** Bug 535688 has been marked as a duplicate of this bug. ***
Comment 3 Josh Aas 2012-03-05 22:04:17 PST
Is there still something that needs to be done here? Perhaps this would benefit from being made public?
Comment 4 Blake Kaplan (:mrbkap) (please use needinfo!) 2012-03-06 01:05:05 PST
Actually, this was fixed as part of brain transplants.