Last Comment Bug 762009 - Investigate if mozIDOMApplicationMgmt implementation leads to security bugs
: Investigate if mozIDOMApplicationMgmt implementation leads to security bugs
Status: RESOLVED FIXED
: sec-audit
Product: Core
Classification: Components
Component: DOM (show other bugs)
: unspecified
: x86_64 Linux
: -- normal (vote)
: ---
Assigned To: Olli Pettay [:smaug] (vacation Aug 25-28)
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-06 05:58 PDT by Olli Pettay [:smaug] (vacation Aug 25-28)
Modified: 2013-04-04 13:53 PDT (History)
6 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Olli Pettay [:smaug] (vacation Aug 25-28) 2012-06-06 05:58:25 PDT
Currently mozIDOMApplicationMgmt is implemented in JS, but it inherits
builtinclass interface nsIDOMEventTarget.
Code using nsIDOMEventTarget excepts it to be C++. I wonder if it is possible
that the current setup leads to some random crashes.
Comment 1 Olli Pettay [:smaug] (vacation Aug 25-28) 2012-06-06 09:05:19 PDT
(In reply to Olli Pettay [:smaug] from comment #0)
> excepts
expects
Comment 2 Daniel Veditz [:dveditz] 2012-06-06 10:13:06 PDT
Olli: who should investigate this? If not you please find someone, if this is assigned to nobody it'll just rot.
Comment 3 Olli Pettay [:smaug] (vacation Aug 25-28) 2012-06-06 11:41:46 PDT
(In reply to Daniel Veditz [:dveditz] from comment #2)
> Olli: who should investigate this? If not you please find someone, if this
> is assigned to nobody it'll just rot.

I'll look at this some more.
Comment 4 Olli Pettay [:smaug] (vacation Aug 25-28) 2012-06-13 01:30:09 PDT
The only problematic cases I found are chrome only.
nsEventListenerService::Add/RemoveSystemEventListener,
nsEventListenerService::HasListenersFor,
nsEventListenerService::GetEventTargetChainFor
nsDocShell::Get/SetChromeEventHandler

Marking this WONTFIX, since mozIDOMApplicationMgmt was changed to not inherit nsIDOMEventTarget.
Comment 5 Daniel Veditz [:dveditz] 2012-07-21 10:38:39 PDT
Calling it "fixed" because you did do the investigation this bug was filed to track.

Note You need to log in before you can comment on or make changes to this bug.