Bug 555018 (CVE-2011-2996)

initialize nsChildView plugin ports

RESOLVED FIXED in mozilla2.0

Status


Core
Widget: Cocoa
RESOLVED FIXED
7 years ago
a year ago

People

(Reporter: Josh Aas, Assigned: Josh Aas)

Tracking

({crash})

Trunk
mozilla2.0
All
Mac OS X
crash
Points:
---

Firefox Tracking Flags

(status2.0 unaffected, blocking1.9.2 .23+, status1.9.2 .23-fixed, status1.9.1 wanted)

Details

(Whiteboard: [sg:moderate])

Attachments

(2 attachments)

(Assignee)

Description

7 years ago
Created attachment 434946
fix v1.0

We should initialize nsChildView plugin ports.
Attachment #434946 - Flags: review?(roc)
(Assignee)

Updated

7 years ago
Blocks: 527280
Attachment #434946 - Flags: review?(roc) → review+
(Assignee)

Comment 1

7 years ago
pushed to mozilla-central

http://hg.mozilla.org/mozilla-central/rev/5e9d5bbf7596
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
(Assignee)

Comment 2

7 years ago
Created attachment 434953
fix v1.0 for 1.9.2

This is a safe patch; we should take it on 1.9.2.
Attachment #434946 - Attachment is obsolete: true
(Assignee)

Updated

7 years ago
Attachment #434953 - Flags: approval1.9.2.3?
(Assignee)

Updated

7 years ago
Attachment #434946 - Attachment is obsolete: false
Attachment #434953 - Flags: approval1.9.2.4? → approval1.9.2.8?
Comment on attachment 434953
fix v1.0 for 1.9.2

Is this still wanted on the 3.6 branch, or should we just forget about it?
Attachment #434953 - Flags: approval1.9.2.9? → approval1.9.2.18?

Comment 4

6 years ago
What's the benefit of taking this change?
(Assignee)

Comment 5

6 years ago
If we don't initialize that structure it can contain pointers to random memory. It's a stability issue, and might also have security implications.
Comment on attachment 434953
fix v1.0 for 1.9.2

Approved for 1.9.2.18, a=dveditz for release-drivers
Attachment #434953 - Flags: approval1.9.2.18? → approval1.9.2.18+
Group: core-security
Keywords: crash, testcase-wanted
Whiteboard: [sg:critical?]
Comment on attachment 434953
fix v1.0 for 1.9.2

Doesn't apply on 1.9.2 because there's a context diff around the union nsPluginPort line. Not sure if it's still safe to remove that or if there were other changes to the file that would require a different patch. FWIW, the trunk still seems to have that line in it.
Attachment #434953 - Flags: approval1.9.2.18+ → approval1.9.2.18-
blocking1.9.2: --- → needed
status1.9.1: --- → wanted
status1.9.2: --- → wanted
status2.0: --- → unaffected
Target Milestone: --- → mozilla2.0
blocking1.9.2: needed → .21+
Whiteboard: [sg:critical?] → [sg:moderate]
(Assignee)

Comment 8

6 years ago
pushed to mozilla-1.9.2

http://hg.mozilla.org/releases/mozilla-1.9.2/rev/3fb441425998
status1.9.2: wanted → .23-fixed
Alias: CVE-2011-2996
Group: core-security
Keywords: testcase-wanted