Open
Bug 1572568
Opened 5 years ago
Updated 2 years ago
Switch security.allow_eval_with_system_principal to false
Categories
(Thunderbird :: General, task)
Thunderbird
General
Tracking
(Not tracked)
NEW
Thunderbird 70.0
People
(Reporter: jorgk-bmo, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: leave-open)
Attachments
(1 file)
|
(deleted),
patch
|
Details | Diff | Splinter Review |
Currently it's eval is still allowed in
https://searchfox.org/mozilla-central/rev/9775cca0a10a9b5c5f4e15c8f7b3eff5bf91bbd0/modules/libpref/init/StaticPrefList.yaml#5973
We should follow FF and switch it off on Nightly, like here:
https://searchfox.org/mozilla-central/rev/9775cca0a10a9b5c5f4e15c8f7b3eff5bf91bbd0/browser/app/profile/firefox.js#505
|
Reporter | |
Comment 1•5 years ago
|
||
Assignee: nobody → jorgk
Pushed by mozilla@jorgk.com:
https://hg.mozilla.org/comm-central/rev/6dcb86ddf89f
Disallow eval() with system principal in Daily/Nightly build. r=me
|
|
Reporter | |
Comment 3•5 years ago
|
||
Not actively working on this. The patch I landed on TB 70 hasn't caused any complaints so far, going to beta soon.
We'll revisit this bug when there is need for more action.
Assignee: jorgk → nobody
Target Milestone: --- → Thunderbird 70.0
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•