Closed
Bug 814153
Opened 12 years ago
Closed 12 years ago
Need additional security checks for the "settings" permission
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
People
(Reporter: bent.mozilla, Assigned: gwagner)
References
Details
Attachments
(1 file)
(deleted),
patch
|
bent.mozilla
:
review+
|
Details | Diff | Splinter Review |
Notes from conversation with gregor: settings: settings-read and settings-write both checked in child for dom access, but returns non-null if access not granted (logs error to console only) doesn't assert permission before adding listeners ("Settings:RegisterForMessages") We should tighten this up a little.
Updated•12 years ago
|
blocking-basecamp: ? → +
Comment 1•12 years ago
|
||
Gregor, Doug said you should be the lucky owner of this bug. Congrats! :)
Assignee: nobody → anygregor
Assignee | ||
Comment 2•12 years ago
|
||
Assignee | ||
Comment 3•12 years ago
|
||
(In reply to ben turner [:bent] from comment #0) > Notes from conversation with gregor: > > settings: > settings-read and settings-write both checked in child for dom access, but > returns non-null if access not granted (logs error to console only) fixed by 815398 > doesn't assert permission before adding listeners > ("Settings:RegisterForMessages") This patch
Assignee | ||
Updated•12 years ago
|
Attachment #686625 -
Flags: review?(bent.mozilla)
Reporter | ||
Updated•12 years ago
|
Attachment #686625 -
Flags: review?(bent.mozilla) → review+
Assignee | ||
Comment 4•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/a242c45cc80b
Comment 5•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/a242c45cc80b
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
Comment 6•12 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/5796235869f1 https://hg.mozilla.org/releases/mozilla-beta/rev/b1958d544900
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•