As a security precaution, we have turned on the setting "Require API key authentication for API requests" for everyone. If this has broken something, please contact bugzilla-admin@mozilla.org
Last Comment Bug 762009 - Investigate if mozIDOMApplicationMgmt implementation leads to security bugs
: Investigate if mozIDOMApplicationMgmt implementation leads to security bugs
Status: RESOLVED FIXED
: sec-audit
Product: Core
Classification: Components
Component: DOM (show other bugs)
: unspecified
: x86_64 Linux
: -- normal (vote)
: ---
Assigned To: Olli Pettay [:smaug] (review request backlog because of a work week)
:
: Andrew Overholt [:overholt]
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-06 05:58 PDT by Olli Pettay [:smaug] (review request backlog because of a work week)
Modified: 2013-04-04 13:53 PDT (History)
6 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description User image Olli Pettay [:smaug] (review request backlog because of a work week) 2012-06-06 05:58:25 PDT
Currently mozIDOMApplicationMgmt is implemented in JS, but it inherits
builtinclass interface nsIDOMEventTarget.
Code using nsIDOMEventTarget excepts it to be C++. I wonder if it is possible
that the current setup leads to some random crashes.
Comment 1 User image Olli Pettay [:smaug] (review request backlog because of a work week) 2012-06-06 09:05:19 PDT
(In reply to Olli Pettay [:smaug] from comment #0)
> excepts
expects
Comment 2 User image Daniel Veditz [:dveditz] 2012-06-06 10:13:06 PDT
Olli: who should investigate this? If not you please find someone, if this is assigned to nobody it'll just rot.
Comment 3 User image Olli Pettay [:smaug] (review request backlog because of a work week) 2012-06-06 11:41:46 PDT
(In reply to Daniel Veditz [:dveditz] from comment #2)
> Olli: who should investigate this? If not you please find someone, if this
> is assigned to nobody it'll just rot.

I'll look at this some more.
Comment 4 User image Olli Pettay [:smaug] (review request backlog because of a work week) 2012-06-13 01:30:09 PDT
The only problematic cases I found are chrome only.
nsEventListenerService::Add/RemoveSystemEventListener,
nsEventListenerService::HasListenersFor,
nsEventListenerService::GetEventTargetChainFor
nsDocShell::Get/SetChromeEventHandler

Marking this WONTFIX, since mozIDOMApplicationMgmt was changed to not inherit nsIDOMEventTarget.
Comment 5 User image Daniel Veditz [:dveditz] 2012-07-21 10:38:39 PDT
Calling it "fixed" because you did do the investigation this bug was filed to track.

Note You need to log in before you can comment on or make changes to this bug.