Closed
Bug 127697
Opened 23 years ago
Closed 18 years ago
nsDocShell::mValidateOrigin is never set
Categories
(Core :: Security, defect)
RESOLVED
FIXED
People
(Reporter: adamlock, Assigned: security-bugs)
References
(Blocks 1 open bug)
Details
I noticed a potentially serious problem while fixing up some scheme comparison code in SameOrSubdomainOfTarget() in nsDocShell.cpp for bug 126432. I have noticed that this code only gets called if mValidateOrigin is PR_TRUE, but it isn't. In fact, mValidateOrigin never gets initialised at all! Potentially, mValidateOrigin should be set in the nsDocShell constructor by reading the pref "browser.frame.validate_origin", but this pref does not exist, so presumably mValidateOrigin contains garbage. So there is a security issue here. What should be done? My guess is that "browser.frame.validate_origin" should exist in all.js and mValidateOrigin should default to PR_TRUE. Also, if this code path has not been triggered for a while, it should be re-verified to ensure it is working properly.
Patch in bug 126432 sets mValidateOrigin to PR_TRUE during construction
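The pattern discussed in this bug, as an added example that is not code from nsDocShell.cpp or from the patch in bug 126432: a security check gated by a flag that is set on every construction path and defaults to on when the pref is absent. `DocShellSketch`, `PrefStore`, `GetBoolPref`, `MayTargetFrame` and the simplified host comparison are hypothetical stand-ins; only the pref name and `mValidateOrigin` come from the report.

```cpp
#include <map>
#include <string>

// Hypothetical stand-in for a preference store; not Mozilla's prefs API.
using PrefStore = std::map<std::string, bool>;

// Return the pref value, or `fallback` when the pref does not exist.
bool GetBoolPref(const PrefStore& prefs, const std::string& name, bool fallback) {
    auto it = prefs.find(name);
    return it == prefs.end() ? fallback : it->second;
}

struct Origin {
    std::string scheme;
    std::string host;
};

// Simplified same-or-subdomain test (an assumption, not the real routine):
// schemes must match, and the accessor's host must equal the target's host
// or end with "." + target host.
bool SameOrSubdomain(const Origin& accessor, const Origin& target) {
    if (accessor.scheme != target.scheme) return false;
    if (accessor.host == target.host) return true;
    const std::string suffix = "." + target.host;
    return accessor.host.size() > suffix.size() &&
           accessor.host.compare(accessor.host.size() - suffix.size(),
                                 suffix.size(), suffix) == 0;
}

class DocShellSketch {
public:
    // The flag is set during construction. A missing pref falls back to
    // true, so the check fails closed instead of depending on garbage.
    explicit DocShellSketch(const PrefStore& prefs)
        : mValidateOrigin(GetBoolPref(prefs, "browser.frame.validate_origin", true)) {}

    // Targeting is allowed only if validation is off or the origins match.
    bool MayTargetFrame(const Origin& accessor, const Origin& target) const {
        if (!mValidateOrigin) return true;
        return SameOrSubdomain(accessor, target);
    }

    bool ValidatesOrigin() const { return mValidateOrigin; }

private:
    bool mValidateOrigin = true;  // in-class default as a second safety net
};
```

A regression test that constructs the object with an empty pref store and asserts that a cross-origin target is rejected covers the "re-verify the code path" concern raised in the description.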