Closed Bug 536480 Opened 15 years ago Closed 12 years ago

Innerize windows when passing to C++ from JS

Categories

(Core :: XPConnect, defect)

x86
Linux
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: mrbkap, Unassigned)

Details

(Whiteboard: [sg:nse mitigation?])

Attachments

(1 file)

In order to mitigate bug 531364 type attacks, we should innerize windows when passing them to C++. If it turns out that the operation should happen on the outer window, then there will be a FORWARD_TO_OUTER in the relevant function.

Filing as security sensitive for now, but we might be able to open this up.
Attached patch: wip
This is peterv's wip from bug 531364 merged to trunk.
Whiteboard: [sg:nse mitigation?]
Summary: Innerize windows when passing from C++ → Innerize windows when passing to C++ from JS
Is there still something that needs to be done here? Perhaps this would benefit from being made public?
Actually, this was fixed as part of brain transplants.
Group: core-security
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED