Last Comment Bug 568564 - (CVE-2010-2754) Suppress the script filename for cross-origin error events (SA39925)
: Suppress the script filename for cross-origin error events (SA39925)
: fixed1.9.0.20, privacy
Product: Core
Classification: Components
Component: DOM (show other bugs)
: unspecified
: All All
: -- normal with 1 vote (vote)
: ---
Assigned To: Boris Zbarsky [:bz]
: 568688 569550 (view as bug list)
Depends on:
  Show dependency treegraph
Reported: 2010-05-27 10:55 PDT by Boris Zbarsky [:bz]
Modified: 2010-08-20 18:49 PDT (History)
15 users (show)
bzbarsky: in‑testsuite+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Like so (2.16 KB, patch)
2010-05-27 11:25 PDT, Boris Zbarsky [:bz]
jst: review+
Details | Diff | Splinter Review
1.9.2 fix (2.94 KB, patch)
2010-06-08 22:11 PDT, Boris Zbarsky [:bz]
christian: approval1.9.2.7+
Details | Diff | Splinter Review
1.9.1 merge (2.96 KB, patch)
2010-06-08 22:12 PDT, Boris Zbarsky [:bz]
christian: approval1.9.1.11+
Details | Diff | Splinter Review

Description Boris Zbarsky [:bz] 2010-05-27 10:55:23 PDT
Comment 1 Boris Zbarsky [:bz] 2010-05-27 11:01:34 PDT
In particular, we need to do that because on redirects we put the post-redirect URI into the JSScript filename field.  If js error reports had an origin not tied to filename, we could take various other approaches here.
Comment 2 Boris Zbarsky [:bz] 2010-05-27 11:25:16 PDT
Created attachment 447792 [details] [diff] [review]
Like so
Comment 3 Mike Beltzner [:beltzner, not reading bugmail] 2010-05-27 19:40:51 PDT
*** Bug 568688 has been marked as a duplicate of this bug. ***
Comment 4 Michał Gołębiowski [:m_gol] 2010-05-29 21:03:47 PDT
Proof of concept:
Comment 5 Michał Gołębiowski [:m_gol] 2010-05-29 21:05:31 PDT
Shouldn't it block 3.6.4?
Comment 6 Robert Longson 2010-06-02 04:39:06 PDT
*** Bug 569550 has been marked as a duplicate of this bug. ***
Comment 7 Mike Beltzner [:beltzner, not reading bugmail] 2010-06-02 05:41:37 PDT
Until it gets a sg evaluation it'll be needed but not hard blocking any of the upcoming branch releases; obviously would like a reviewed patch ASAP, but I know people's review queues are busy.
Comment 8 Jesse Ruderman 2010-06-07 15:25:10 PDT
The severity really depends on what information sites reveal through URLs.  

* got my Google profile ID, and thus a good guess at my email address.  That's a pretty bad privacy violation.

* In theory, a site might reveal a session token. If high-profile sites turned out to do that, we'd call this bug [sg:high].
Comment 9 Daniel Veditz [:dveditz] 2010-06-07 15:54:29 PDT
Self-defense until fixed: block 3rd party cookies and the victim sites can't reveal any personal information.
Comment 10 Boris Zbarsky [:bz] 2010-06-08 20:28:14 PDT
Pushed and then to fix test issues.  Will create a roll-up patch for branches.
Comment 11 Boris Zbarsky [:bz] 2010-06-08 22:11:59 PDT
Created attachment 450044 [details] [diff] [review]
1.9.2 fix
Comment 12 Boris Zbarsky [:bz] 2010-06-08 22:12:27 PDT
Created attachment 450045 [details] [diff] [review]
1.9.1 merge
Comment 13 christian 2010-06-11 15:24:53 PDT
Comment on attachment 450045 [details] [diff] [review]
1.9.1 merge

a=LegNeato for and Please land this on mozilla-1.9.2 default and mozilla-1.9.1 default.
Comment 15 Samuel 2010-07-04 04:08:11 PDT
is this really fixed? why
why is this happening (to me!)?

i mean, why secunia folks don't think this is fixed? it's their problem? it's mozilla's? is this a situation of ineffective communication?
Comment 16 Mardeg 2010-07-04 14:19:21 PDT
It's fixed on the default 1.9.2 branch as stated, so will be in the next release, Firefox 3.6.7

If you're desperate for a preview build of it, get
Comment 17 Boris Zbarsky [:bz] 2010-07-04 15:09:57 PDT
> is this really fixed?

Yes, but the fix hasn't been shipped yet.  It's fixed in the upcoming 1.9.2.x security release, as comment 16 says.
Comment 18 Samuel 2010-07-05 00:27:49 PDT
@Mardeg OK now I see the "clegnitto: approval1.9.2.7+". Sorry for my blindness. Thx for the info and the tip.

@bz thx!
Comment 19 Smokey Ardisson (offline for a while; not following bugs - do not email) 2010-07-18 21:59:16 PDT
Comment on attachment 450045 [details] [diff] [review]
1.9.1 merge

Requesting on this patch so that we can take it in upcoming Camino 2.0.x security and stability updates.  If approved, I'll handle the checkins, unless the patch author requests otherwise.
Comment 20 Daniel Veditz [:dveditz] 2010-07-22 19:22:14 PDT
Comment on attachment 450045 [details] [diff] [review]
1.9.1 merge

Approved for, a=dveditz
Comment 21 Smokey Ardisson (offline for a while; not following bugs - do not email) 2010-07-24 15:29:18 PDT
Checking in content/base/test/test_bug461735.html;
/cvsroot/mozilla/content/base/test/test_bug461735.html,v  <--  test_bug461735.html
new revision: 1.2; previous revision: 1.1
Checking in dom/src/base/nsJSEnvironment.cpp;
/cvsroot/mozilla/dom/src/base/nsJSEnvironment.cpp,v  <--  nsJSEnvironment.cpp
new revision: 1.402; previous revision: 1.401

Note You need to log in before you can comment on or make changes to this bug.