In Jetpack, when chrome code passes a chrome object into an untrusted XPCSafeJSObjectWrapped object, the SJOW needs to automatically COW the object before passing it on to the wrapped untrusted object. If this doesn't happen, then we're in the situation where developers need to manually create COWs to pass to e.g. callbacks provided by untrusted code. Right now I think this is the main thing blocking us from using COWs in the Jetpack reboot.
Marking as blocking for 1.9.3, as we can't do real security in Jetpack without this. (We currently have "placeholders" in the form of the Jetpack binary component, but this can't be distributed with each bootstrapping Jetpack XPI.)
blocking2.0: --- → ?
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 542428
You need to log in before you can comment on or make changes to this bug.