Closed
Bug 539393
Opened 15 years ago
Closed 14 years ago
It's possible to access a XOW come from the wrong scope by using a shallow XPCNativeWrapper
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: moz_bug_r_a4, Assigned: mrbkap)
Details
(Whiteboard: [sg:high][3.6.x])
Attachments
(2 files)
443 bytes,
text/html
|
Details | |
1.96 KB,
patch
|
Details | Diff | Splinter Review |
XPCNativeWrapper::RewrapIfDeepWrapper cares nothing for the return value when obj is a shallow wrapper, thus a XOW come from the wrong scope is not re-wrapped.
Reporter | ||
Comment 1•15 years ago
|
||
This tries to get cookies for www.apple.com. This works on trunk and 1.9.* (and 1.8 since bug 369334 is not fixed on 1.8).
Updated•15 years ago
|
Assignee: nobody → mrbkap
Updated•15 years ago
|
Whiteboard: [sg:high]
Updated•15 years ago
|
status1.9.1:
--- → wanted
Whiteboard: [sg:high] → [sg:high][3.6.x]
Assignee | ||
Comment 2•15 years ago
|
||
This uses the patch in bug 533600. I'm probably going to end up rolling this patch into my other, larger patch, but this fixes this bug. I have found my new hammer: XPCWrappedNativeScope::GetWrapperFor.
Assignee | ||
Comment 3•14 years ago
|
||
Fixed by bug 533600.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Updated•13 years ago
|
status1.9.2:
--- → wanted
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•