It's possible to break XBL scripts for video controls

RESOLVED FIXED in mozilla21

Status

()

Core
Security
RESOLVED FIXED
5 years ago
a year ago

People

(Reporter: moz_bug_r_a4, Assigned: bholley)

Tracking

({regression, sec-other})

Trunk
mozilla21
x86
Windows XP
regression, sec-other
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox-esr17 unaffected, firefox-esr24 unaffected, b2g18 unaffected)

Details

(Whiteboard: reveals part of bug 816071 [dupe 823279] Embargo until ESR17 EOL)

Attachments

(1 attachment, 1 obsolete attachment)

69 bytes, text/html
Details
(Reporter)

Description

5 years ago
This is a regression from bug 818716 and bug 820666.

Once a PoC code runs, XBL scripts for video controls no longer work even after restarting Firefox.

The problem does not happen when nglayout.debug.disable_xul_cache is true.

I'm marking this as s-s since the testcase might reveal a part of bug 816071.
(Reporter)

Comment 1

5 years ago
Created attachment 692257 [details]
testcase
(Reporter)

Comment 2

5 years ago
Created attachment 692297 [details]
testcase 2

Sorry, I was wrong. The code in the old testcase is irrelevant.

Steps to reproduce:
1. Run Firefox with a clean profile.
2. Load a page that contains a video element.
3. Restart Firefox.
4. Repeat 2 & 3 a few times.
Attachment #692257 - Attachment is obsolete: true
(Reporter)

Comment 3

5 years ago
So this is not a security bug, except that the first testcase might reveal a part of other security bug.
Blocks: 818716, 820666
Keywords: regression, sec-other
Whiteboard: reveals part of bug 816071
Hopefully bug 821850 works, and then this will hopefully be fixed.
Depends on: 821850
(Reporter)

Comment 5

5 years ago
Sorry for the confusion.  At first I thought the code in the 1st testcase caused the symptom, and thus I filed this bug with the wrong summary and description, and then I realized that the code is irrelevant (comment #2).

Actually this bug is a duplicate of bug 823279 and already fixed, and the issue the code in the 1st testcase involved is discussed in other bugs, so there is no need to keep this bug open.  But, I'm concerned that resolving this bug as a duplicate of bug 823279 might reveal that there's a known security issue involved with XBL.  Please properly close this bug.
Assignee: nobody → bobbyholley+bmo
No longer depends on: 821850
Depends on: 834697
Closing per comment 5.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Whiteboard: reveals part of bug 816071 → reveals part of bug 816071 [dupe 823279]
Target Milestone: --- → mozilla21
status-firefox-esr17: --- → unaffected
status-firefox-esr24: --- → unaffected
Whiteboard: reveals part of bug 816071 [dupe 823279] → reveals part of bug 816071 [dupe 823279] Embargo until ESR17 EOL
status-b2g18: --- → unaffected

Updated

2 years ago
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.