Follow up for https://bugzilla.mozilla.org/show_bug.cgi?id=775377#c6 cjones: we need to audit passing null URIs cjones: sometimes that means "system principal", which has full privileges cjones: content shouldn't be able to forge that across process boundaries
It might be better to get a bit more context here. principal.URI can return null in more situations than the system principal. Indeed, the system principal will return a null URI but so do extended principals and so can regular principals.
OS: Mac OS X → All
Hardware: x86 → All
Version: unspecified → Trunk
Didn't follow that, but maybe we're not on the same page. We deserialize nsIURI here http://mxr.mozilla.org/mozilla-central/source/netwerk/ipc/NeckoMessageUtils.h#86 . The code lets null be deserialized. Is there anywhere that null nsIURI can flow that would cause harm?
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.