Closed
Bug 586401
Opened 14 years ago
Closed 13 years ago
Potential vulnerability left after the patch in bug 585284
Categories
(Core :: XPConnect, defect)
People
(Reporter: mrbkap, Assigned: mrbkap)
Details
(Whiteboard: [sg:high?][critsmash:investigating])
Attachments
(1 file)
2.18 KB,
patch
The patch in bug 585284 fixes the testcase in that bug, but I don't think that it deals with the cached principal stuff that is supposed to protect SJOWs from being used to access objects that the original caller doesn't have access to (I don't fully understand what it's supposed to do at the moment).
I don't know if this is actually exploitable, but I wanted to file a bug just in case...
Updated•14 years ago
Whiteboard: [sg:high?][critsmash:investigating]
Updated•14 years ago
Assignee: nobody → mrbkap
Comment 1•14 years ago
Blake, I'm assuming this is fixed on trunk now, but we still need this for the older branches, right?
Comment 2•14 years ago
mrbkap, can you comment on this wrt current trunk vs branches?
Comment 3•13 years ago
Blake, this is a non-issue on trunk now, right?
Comment 4•13 years ago (Assignee)
Yes.
Comment 5•13 years ago
Excellent, marking as such.
status-firefox6:
--- → fixed
status-firefox7:
--- → fixed
status-firefox8:
--- → fixed
status-firefox9:
--- → fixed
Version: Trunk → 1.9.2 Branch
Comment 6•13 years ago
Given that we have no known way to exploit this, and no testcase, this doesn't seem worth fixing for 3.6 at this time. If someone can come up with a testcase then that's something we could look into, but as of now we have no testcase.
Comment 7•13 years ago
Thanks Johnny - that sounds reasonable. Marking as wontfix for 1.9.2.
status1.9.2:
--- → wontfix
Updated•13 years ago
Group: core-security
Comment 8•13 years ago
Resolving "fixed" since this has apparently been fixed for months but I know of no way to verify.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED