In order to mitigate bug 531364 type attacks, we should innerize windows when passing them to C++. If it turns out that the operation should happen on the outer window, then there will be a FORWARD_TO_OUTER in the relevant function. Filing as security sensitive for now, but we might be able to open this up.
Created attachment 418935: wip
This is peterv's wip from bug 531364 merged to trunk.
Summary: Innerize windows when passing from C++ → Innerize windows when passing to C++ from JS
Is there still something that needs to be done here? Perhaps this would benefit from being made public?
Actually, this was fixed as part of brain transplants.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED