Closed Bug 821676 Opened 12 years ago Closed 11 years ago

It's possible to break XBL scripts for video controls

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla21
Tracking Flags:
Tracking Status
firefox-esr17 --- unaffected
firefox-esr24 --- unaffected
b2g18 --- unaffected

People

(Reporter: moz_bug_r_a4, Assigned: bholley)

References

Details

(Keywords: regression, sec-other, Whiteboard: reveals part of bug 816071 [dupe 823279] Embargo until ESR17 EOL)

Attachments

(1 file, 1 obsolete file)

testcase 2
69 bytes, text/html
Details 
This is a regression from bug 818716 and bug 820666.

Once a PoC code runs, XBL scripts for video controls no longer work even after restarting Firefox.

The problem does not happen when nglayout.debug.disable_xul_cache is true.

I'm marking this as s-s since the testcase might reveal a part of bug 816071.
Attached file testcase (obsolete) — 

    
    

    
  

      
      
      
      

        Attached file
          
        testcase 2
      

    


  
Sorry, I was wrong. The code in the old testcase is irrelevant.

Steps to reproduce:
1. Run Firefox with a clean profile.
2. Load a page that contains a video element.
3. Restart Firefox.
4. Repeat 2 & 3 a few times.

        Attachment #692257 -
        Attachment is obsolete: true

    
    

    
  
So this is not a security bug, except that the first testcase might reveal a part of other security bug.
Blocks: 818716, 820666
Keywords: regression, 
          
            sec-other
Whiteboard: reveals part of bug 816071

    
    

    
  
Hopefully bug 821850 works, and then this will hopefully be fixed.
Depends on: XBL-scopes

    
    

    
  
Sorry for the confusion.  At first I thought the code in the 1st testcase caused the symptom, and thus I filed this bug with the wrong summary and description, and then I realized that the code is irrelevant (comment #2).

Actually this bug is a duplicate of bug 823279 and already fixed, and the issue the code in the 1st testcase involved is discussed in other bugs, so there is no need to keep this bug open.  But, I'm concerned that resolving this bug as a duplicate of bug 823279 might reveal that there's a known security issue involved with XBL.  Please properly close this bug.

    
  
Assignee: nobody → bobbyholley+bmo

    
  
No longer depends on: XBL-scopes

    
  
Depends on: 834697

    
    

    
  
Closing per comment 5.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: reveals part of bug 816071 → reveals part of bug 816071 [dupe 823279]
Target Milestone: --- → mozilla21

          status-firefox-esr17:
          --- → unaffected

          status-firefox-esr24:
          --- → unaffected
Whiteboard: reveals part of bug 816071 [dupe 823279] → reveals part of bug 816071 [dupe 823279] Embargo until ESR17 EOL

    
  
Group: core-security → core-security-release
Group: core-security-release

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: