Bug 536480 - Innerize windows when passing to C++ from JS
[sg:nse mitigation?]
Product: Core
Classification: Components
Component: XPConnect
Version: Trunk
Platform: x86 Linux
Importance: -- normal
Assigned To: Nobody; OK to take it and work on it
: Andrew Overholt [:overholt]
Duplicates: 535688
Reported: 2009-12-22 16:18 PST by Blake Kaplan (:mrbkap)
Modified: 2012-03-06 01:05 PST

wip (6.98 KB, patch)
2009-12-22 16:29 PST, Blake Kaplan (:mrbkap)

Description Blake Kaplan (:mrbkap) 2009-12-22 16:18:48 PST
In order to mitigate bug 531364 type attacks, we should innerize windows when passing them to C++. If it turns out that the operation should happen on the outer window, then there will be a FORWARD_TO_OUTER in the relevant function.

Filing as security sensitive for now, but we might be able to open this up.
Comment 1 Blake Kaplan (:mrbkap) 2009-12-22 16:29:52 PST
Created attachment 418935

This is peterv's wip from bug 531364 merged to trunk.
Comment 2 Blake Kaplan (:mrbkap) 2010-01-04 22:45:59 PST
*** Bug 535688 has been marked as a duplicate of this bug. ***
Comment 3 Josh Aas 2012-03-05 22:04:17 PST
Is there still something that needs to be done here? Perhaps this would benefit from being made public?
Comment 4 Blake Kaplan (:mrbkap) 2012-03-06 01:05:05 PST
Actually, this was fixed as part of brain transplants.
