Bug 544875 - Investigate mNavigator usage in nsPluginArray and nsMimeTypeArray
Status: RESOLVED FIXED
[sg:audit]
Product: Core
Classification: Components
Component: DOM
: unspecified
: x86 All
-- major
: ---
Assigned To: Nobody; OK to take it and work on it
: Andrew Overholt [:overholt]
Mentors:
Depends on: CVE-2010-2767
Blocks:
Reported: 2010-02-08 07:13 PST by Olli Pettay [:smaug] (pto-ish for couple of days)
Modified: 2012-03-08 08:47 PST
Description Olli Pettay [:smaug] (pto-ish for couple of days) 2010-02-08 07:13:03 PST
Using raw pointers is scary!
Comment 1 Daniel Veditz [:dveditz] 2010-08-04 15:43:09 PDT
Apparently it is, Sergey Glazunov found at least one sg:critical bug in that code. Is that the only problem there or are there more?
Comment 2 Daniel Veditz [:dveditz] 2010-08-06 10:19:14 PDT
We need this "fixed" this round to make sure bug 584517 is the only problem in there. Otherwise we're just pissing away bounties as people file them one-by-one.
Comment 3 christian 2010-08-10 11:11:24 PDT
Are there any plans to do this audit before code-freeze this Thursday? I'm going to remove blocking as we wouldn't block shipping on this audit...
Comment 4 Olli Pettay [:smaug] (pto-ish for couple of days) 2010-08-10 12:55:12 PDT
I could try to audit this tomorrow, if I find a nice solution for Bug 585815 today.
Comment 5 Blake Kaplan (:mrbkap) 2010-08-10 13:06:39 PDT
For what it's worth, I looked into this for the patch in bug 584512. That's why that patch touches the mime type array as well as the plugin array. I'd appreciate smaug double-checking my work though!
Comment 6 Olli Pettay [:smaug] (pto-ish for couple of days) 2010-08-11 05:42:52 PDT
Without looking at Bug 584512 I found the same bug, but not anything else.
Comment 7 Josh Aas 2012-03-08 08:44:47 PST
Seems like Blake and Olli are both saying they looked into this. Can we call this fixed, that being the case? Also, can we open this up as there is no specific vulnerability discussed?
Comment 8 Blake Kaplan (:mrbkap) 2012-03-08 08:47:40 PST
Yes.