Innerize windows when passing to C++ from JS

RESOLVED FIXED

Status

Core
XPConnect
7 years ago
5 years ago

People

(Reporter: mrbkap, Unassigned)

Tracking

Trunk
x86
Linux
Points: ---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:nse mitigation?])

Attachments

(1 attachment)

(Reporter)

Description

7 years ago
In order to mitigate bug 531364 type attacks, we should innerize windows when passing them to C++. If it turns out that the operation should happen on the outer window, then there will be a FORWARD_TO_OUTER in the relevant function.

Filing as security sensitive for now, but we might be able to open this up.
(Reporter)

Comment 1

7 years ago
Created attachment 418935
wip

This is peterv's wip from bug 531364 merged to trunk.
Whiteboard: [sg:nse mitigation?]
(Reporter)

Updated

7 years ago
Duplicate of this bug: 535688
(Reporter)

Updated

7 years ago
Summary: Innerize windows when passing from C++ → Innerize windows when passing to C++ from JS

Comment 3

5 years ago
Is there still something that needs to be done here? Perhaps this would benefit from being made public?
(Reporter)

Comment 4

5 years ago
Actually, this was fixed as part of brain transplants.
Group: core-security
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED