Closed Bug 610525 Opened 10 years ago Closed 10 years ago
Script-to-Java (ns ISecure Env) calls sometimes made with no Java Script on stack
Assignee: nobody → smichaud
Status: NEW → ASSIGNED
Is this the security hole exposed by the logging from the site breakage in bug 607678?
> Is this the security hole exposed by the logging from the site > breakage in bug 607678? Yes. I'm not yet finished writing up this bug. Tomorrow I'll add more comments, post some builds made with my patch, and tell people about them at bug 607678.
Attachment #489033 - Attachment filename: bugzilla607678-patch.txt → bugzilla610525-patch.txt
Here's a test build made with my patch from comment #1. Since the tryservers no longer do branch builds, this is a build I made myself. http://people.mozilla.com/~stmichaud/bmo/firefox-3.6.13pre-bugzilla610525.en-US.mac.dmg
I think we should reclassify this bug as "[sg:low]".
OK, sg:low it is -- but we still need to fix it because it's the fix for regressions introduced by bug 598453
blocking1.9.1: ? → .16+
blocking1.9.2: ? → .13+
Whiteboard: [sg:moderate] → [sg:low]
> but we still need to fix it because it's the fix for > regressions introduced by bug 598453 Yes.
Comment on attachment 489033 [details] [diff] [review] Fix I don't really know who should review my patch -- OJI and (browser-side) LiveConnect are (infamously) obsolete and un-owned. Dbaron: I noticed your name on some of the revisions to the AutoPushJSContext code, so I'm asking you to review. Please let me know if you think someone else should do it.
Attachment #489033 - Flags: review?(dbaron)
Attachment #489033 - Flags: review?(dbaron) → review?(jst)
Comment on attachment 489033 [details] [diff] [review] Fix JSContextForPluginInstance() could use nsCOMPtr's instead of doing manual reference counting, but if that's for some reason hard I'm fine with doing it by hand here, as the patch does. r=jst
Attachment #489033 - Flags: review?(jst) → review+
Comment on attachment 489033 [details] [diff] [review] Fix Landed on the 1.9.2 branch with jst's requested changes: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/f1ae505ad72d
Comment on attachment 489033 [details] [diff] [review] Fix Landed on the 1.9.1 branch: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/ff0b80c67371
Smokey, does this need to land on the 1.9.0 branch? I assume that it does, but please let us know (so I can request approval).
Comment on attachment 489033 [details] [diff] [review] Fix > Smokey, does this need to land on the 1.9.0 branch? I've answered my own question -- this patch does need to land on the 1.9.0 branch, since current Camino releases are off that branch, and Camino 2.0.5 is effected by this bug (and bug 606737 and bug 607678).
Attachment #489033 - Flags: approval1.9.0.next?
What are the STR for this bug for verification of this fix on 1.9.2 and 1.9.1?
Whiteboard: [sg:low] → [sg:low] [qa-needs-STR]
> What are the STR for this bug for verification of this fix on 1.9.2 > and 1.9.1? The following has worked best for me: 1) Run Applications : Utilities : Java Preferences and a) Click on the Advanced tab. b) Under Java Console select Show console. 2) Load the testcase from bug 606737 (http://jnlp.dev.concord.org/test-japplet.html). 3) Look for the following in the Java Console output: WINDOW IS: [object DOMWindow]
You need to log in before you can comment on or make changes to this bug.