Closed Bug 639130 Opened 9 years ago Closed 9 years ago

"ASSERTION: Principal mismatch" after using XMLDocument.load on navigated-away document

Categories

(Core :: DOM: Core & HTML, defect)

x86
macOS
defect
Not set


RESOLVED FIXED

People

(Reporter: jruderman, Assigned: smaug)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase)

Attachments

(3 files)

Attached file testcase
###!!! ASSERTION: Principal mismatch.  Expect bad things to happen: '!objPrin || objPrin->GetPrincipal() == principal', file js/src/xpconnect/src/xpcwrappednative.cpp, line 3166

###!!! ASSERTION: Principal mismatch.  Not good: 'strcmp(jsClass->name, "Location") == 0 ? NS_SUCCEEDED(CheckSameOriginPrincipal(result, principal)) : result == principal', file caps/src/nsScriptSecurityManager.cpp, line 2503
Attached file stack traces
Attached patch patch
We should remove xmldocument.load at some point. We already warn
"Warning: Use of Document.load() is deprecated. To upgrade your code, use the DOM XMLHttpRequest object. For more help https://developer.mozilla.org/en/XMLHttpRequest
Source File: data:application/xml,<body%20xmlns="http://www.w3.org/1999/xhtml">1</body>
Line: 0"
Assignee: nobody → Olli.Pettay
Attachment #517109 - Flags: review?(jst)
Attachment #517109 - Flags: review?(jst) → review+
So I don't think this is actually an exploitable bug, we're merely running into two different principals from the same origin here. Smaug, if you disagree, please let me know.
Taking Olli's silence as consent. Looks like we block too much access which is the opposite of the security problem of allowing access we shouldn't.
Group: core-security
http://hg.mozilla.org/mozilla-central/rev/70d45aaea8ad
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
See Also: → 1057518
Component: DOM → DOM: Core & HTML