Closed
Bug 555018
(CVE-2011-2996)
Opened 14 years ago
Closed 14 years ago
initialize nsChildView plugin ports
Categories
(Core :: Widget: Cocoa, defect)
Tracking
()
RESOLVED
FIXED
mozilla2.0
| Tracking | Status | |
|---|---|---|
| status2.0 | --- | unaffected |
| blocking1.9.2 | --- | .23+ |
| status1.9.2 | --- | .23-fixed |
| status1.9.1 | --- | wanted |
People
(Reporter: jaas, Assigned: jaas)
References
Details
(Keywords: crash, Whiteboard: [sg:moderate])
Attachments
(2 files)
|
785 bytes,
patch
|
roc
:
review+
|
Details | Diff | Splinter Review |
|
1.57 KB,
patch
|
dveditz
:
approval1.9.2.18-
|
Details | Diff | Splinter Review |
We should initialize nsChildView plugin ports.
Attachment #434946 -
Flags: review?(roc)
Attachment #434946 -
Flags: review?(roc) → review+
pushed to mozilla-central http://hg.mozilla.org/mozilla-central/rev/5e9d5bbf7596
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
This is a safe patch, we should take it on 1.9.2.
Attachment #434946 -
Attachment is obsolete: true
Attachment #434953 -
Flags: approval1.9.2.3?
Attachment #434946 -
Attachment is obsolete: false
|
||
Updated•14 years ago
|
Attachment #434953 -
Flags: approval1.9.2.4? → approval1.9.2.8?
|
|
||
Comment 3•13 years ago
|
||
Comment on attachment 434953 [details] [diff] [review] fix v1.0 for 1.9.2 Is this still wanted on the 3.6 branch, or should we just forget about it?
Attachment #434953 -
Flags: approval1.9.2.9? → approval1.9.2.18?
If we don't initialize that structure it can contain pointers to random memory. It's a stability issue, and might also have security implications.
|
|
||
Comment 6•13 years ago
|
||
Comment on attachment 434953 [details] [diff] [review] fix v1.0 for 1.9.2 Approved for 1.9.2.18, a=dveditz for release-drivers
Attachment #434953 -
Flags: approval1.9.2.18? → approval1.9.2.18+
|
|
||
Updated•13 years ago
|
|
|
||
Comment 7•13 years ago
|
||
Comment on attachment 434953 [details] [diff] [review] fix v1.0 for 1.9.2 doesn't apply on 1.9.2 because there's a context diff around the union nsPluginPort line. Not sure if it's still safe to remove that or if there were other changes to the file that would require a different patch. fwiw the trunk still seems to have that line in it.
Attachment #434953 -
Flags: approval1.9.2.18+ → approval1.9.2.18-
|
|
||
Updated•13 years ago
|
blocking1.9.2: --- → needed
status1.9.1:
--- → wanted
status1.9.2:
--- → wanted
status2.0:
--- → unaffected
Target Milestone: --- → mozilla2.0
|
|
||
Updated•13 years ago
|
blocking1.9.2: needed → .21+
Whiteboard: [sg:critical?] → [sg:moderate]
pushed to mozilla-1.9.2 http://hg.mozilla.org/releases/mozilla-1.9.2/rev/3fb441425998
|
|
||
Updated•13 years ago
|
Alias: CVE-2011-2996
|
|
||
Updated•13 years ago
|
Group: core-security
|
||
Updated•9 years ago
|
Keywords: testcase-wanted
You need to log in
before you can comment on or make changes to this bug.
Description
•