Closed Bug 814156 Opened 12 years ago Closed 12 years ago

Need additional security checks for the "permissions" permission

Categories

(Core :: DOM: Core & HTML, defect, P1)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
B2G C3 (12dec-1jan)
Project Flags:
blocking-basecamp +
Tracking Flags:
Tracking Status
firefox18 --- fixed
firefox19 --- fixed
firefox20 --- fixed

People

(Reporter: bent.mozilla, Assigned: gwagner)

References

Details

Attachments

(1 file)

patch
873 bytes, patch
sicking
: review+
Details | Diff | Splinter Review 
Some notes from my conversation with gregor:

  no parent process checks at all
  actual permission being changed is not subjected to a whitelist, certified-only perms can be added to non-certified apps for example.
blocking-basecamp: ? → +
Gregor, Doug said you should be the lucky owner of this bug.  Congrats!  :)
Assignee: nobody → anygregor
Setting priority based on triage discussions.  Feel free to decrease priority if you disagree.
Priority: -- → P1
Mass Modify: All un-milestoned, unresolved blocking-basecamp+ bugs are being moved into the C3 milestone. Note that the target milestone does not mean that these bugs can't be resolved prior to 12/10, rather C2 bugs should be prioritized ahead of C3 bugs.
Target Milestone: --- → B2G C3 (12dec-1jan)
Attached patch patchSplinter Review 

        Attachment #689493 -
        Flags: review?(jonas)

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/a54483a8d0c7
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: