There are no known security attaccks, but it's a good idea to call SetDllDirectory("") as a precaution. This call will remove the current directory for dynamically loaded DLLs if we ever introduce the use of some.
Created attachment 716728 [details] [diff] [review] Patch v1. I decided to put it here because that way we don't need extra ugly ifdef's inside updater.cpp. This file is already windows only and it is called before main() is even entered.
Attachment #716728 - Flags: review?(robert.bugzilla)
6 years ago
Attachment #716728 - Flags: review?(robert.bugzilla) → review+
Target Milestone: --- → mozilla22
Status: NEW → RESOLVED
Last Resolved: 6 years ago
status-firefox22: --- → fixed
Resolution: --- → FIXED
Do we need this on ESR-17?
status-firefox20: --- → affected
status-firefox21: --- → affected
status-firefox-esr17: --- → affected
tracking-firefox21: --- → ?
tracking-firefox-esr17: --- → ?
I don't think we need it uplifted anywhere since there is no specific known attack we're protecting against.
(In reply to Brian R. Bondy [:bbondy] from comment #5) > I don't think we need it uplifted anywhere since there is no specific known > attack we're protecting against. Sounds reasonable, especially since this is sec-moderate.
tracking-firefox21: ? → -
tracking-firefox-esr17: ? → ---
You need to log in before you can comment on or make changes to this bug.