Last Comment Bug 762009 - Investigate if mozIDOMApplicationMgmt implementation leads to security bugs
: Investigate if mozIDOMApplicationMgmt implementation leads to security bugs
Status: RESOLVED FIXED
: sec-audit
Product: Core
Classification: Components
Component: DOM (show other bugs)
: unspecified
: x86_64 Linux
: -- normal (vote)
: ---
Assigned To: Olli Pettay [:smaug] (high review load, please consider other reviewers)
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-06 05:58 PDT by Olli Pettay [:smaug] (high review load, please consider other reviewers)
Modified: 2013-04-04 13:53 PDT (History)
6 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Olli Pettay [:smaug] (high review load, please consider other reviewers) 2012-06-06 05:58:25 PDT
Currently mozIDOMApplicationMgmt is implemented in JS, but it inherits
builtinclass interface nsIDOMEventTarget.
Code using nsIDOMEventTarget excepts it to be C++. I wonder if it is possible
that the current setup leads to some random crashes.
Comment 1 Olli Pettay [:smaug] (high review load, please consider other reviewers) 2012-06-06 09:05:19 PDT
(In reply to Olli Pettay [:smaug] from comment #0)
> excepts
expects
Comment 2 Daniel Veditz [:dveditz] 2012-06-06 10:13:06 PDT
Olli: who should investigate this? If not you please find someone, if this is assigned to nobody it'll just rot.
Comment 3 Olli Pettay [:smaug] (high review load, please consider other reviewers) 2012-06-06 11:41:46 PDT
(In reply to Daniel Veditz [:dveditz] from comment #2)
> Olli: who should investigate this? If not you please find someone, if this
> is assigned to nobody it'll just rot.

I'll look at this some more.
Comment 4 Olli Pettay [:smaug] (high review load, please consider other reviewers) 2012-06-13 01:30:09 PDT
The only problematic cases I found are chrome only.
nsEventListenerService::Add/RemoveSystemEventListener,
nsEventListenerService::HasListenersFor,
nsEventListenerService::GetEventTargetChainFor
nsDocShell::Get/SetChromeEventHandler

Marking this WONTFIX, since mozIDOMApplicationMgmt was changed to not inherit nsIDOMEventTarget.
Comment 5 Daniel Veditz [:dveditz] 2012-07-21 10:38:39 PDT
Calling it "fixed" because you did do the investigation this bug was filed to track.

Note You need to log in before you can comment on or make changes to this bug.