Closed Bug 79916 Opened 23 years ago Closed 23 years ago

Treating all clases with nsIClassInfo as if they were DOM objects

Categories

(Core :: Security: CAPS, defect)

defect
Not set
normal

Tracking

()

VERIFIED FIXED

People

(Reporter: jband_mozilla, Assigned: security-bugs)

References

()

Details

(Whiteboard: need engineer feedback)

In nsScriptSecurityManager::IsDOMClass you need:

-    return NS_SUCCEEDED(rv) && (classFlags | nsIClassInfo::DOM_OBJECT);
+    return NS_SUCCEEDED(rv) && (classFlags & nsIClassInfo::DOM_OBJECT);

I think you should fix this quickly.
Yeesh, I still haven't reviewed the caps code.  Has anyone else?  I'm jammed up
till tomorrow; in the mean time, r/sr=brendan@mozilla.org (and you have jband's
blessing) to get this fix in ASAP!

/be
Fixed.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Mitch, any way to test this?
Whiteboard: need engineer feedback
Chris,
   This was making some interfaces under the Components object (I forget which)
accessible to untrusted scripts when they shouldn't be. 
Okay, so if it blocks access to Components.interfaces, we're okay, right?
Yeah.
What? We're not blocking access to Components.interfaces, we currently rely on
being able to access that (indirectly) from web content!
Components uses nsISceurityCheckedComponent to expose 'interfaces'.
Okay, I think I need some clue-vending...

For the testcase http://voodoolady.mcom.com/seucurity/accept/auxp003.html I am
getting the exception "Permission denied to create wrapper for object" with
Components.interfaces starting at nsMsgViewCommandType and the failures continue
through nsIAddressBook.

Is this testcase appropriate to test for the problem we are seeing in this bug?
Added test URL (internal only)
cc'ing dbradley, who was looking at some of this for me...
jband, are we still doing this?
I think we're OK.
Marking VERIFIED FIXED on:
-MacOS91 2001-07-23-03-0.9.2
-LinRH62 2001-07-23-04-0.9.2
-Win98SE 2001-07-23-06-0.9.2
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.