Investigate if mozIDOMApplicationMgmt implementation leads to security bugs

RESOLVED FIXED

Status

()

Core
DOM
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: smaug, Assigned: smaug)

Tracking

({sec-audit})

Firefox Tracking Flags

(Not tracked)

Details

(Assignee)

Description

5 years ago
Currently mozIDOMApplicationMgmt is implemented in JS, but it inherits
builtinclass interface nsIDOMEventTarget.
Code using nsIDOMEventTarget excepts it to be C++. I wonder if it is possible
that the current setup leads to some random crashes.

Updated

5 years ago
Component: Web Apps → DOM: Mozilla Extensions
Product: Firefox → Core
QA Contact: webapps → general
(Assignee)

Comment 1

5 years ago
(In reply to Olli Pettay [:smaug] from comment #0)
> excepts
expects
Olli: who should investigate this? If not you please find someone, if this is assigned to nobody it'll just rot.
Assignee: nobody → bugs
Keywords: sec-audit
(Assignee)

Comment 3

5 years ago
(In reply to Daniel Veditz [:dveditz] from comment #2)
> Olli: who should investigate this? If not you please find someone, if this
> is assigned to nobody it'll just rot.

I'll look at this some more.
(Assignee)

Comment 4

5 years ago
The only problematic cases I found are chrome only.
nsEventListenerService::Add/RemoveSystemEventListener,
nsEventListenerService::HasListenersFor,
nsEventListenerService::GetEventTargetChainFor
nsDocShell::Get/SetChromeEventHandler

Marking this WONTFIX, since mozIDOMApplicationMgmt was changed to not inherit nsIDOMEventTarget.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WONTFIX
Calling it "fixed" because you did do the investigation this bug was filed to track.
Group: core-security
Resolution: WONTFIX → FIXED
Component: DOM: Mozilla Extensions → DOM
Product: Core → Core
You need to log in before you can comment on or make changes to this bug.