Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(1008)

Issue 202040043: Detects a FF35 bug that allows non-extensible objects to be changed. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
5 years, 7 months ago by MarkM
Modified:
5 years, 6 months ago
Reviewers:
kpreid2
CC:
caja-discuss-undisclosed_googlegroups.com, felix8a, ihab.awad, Jasvir, metaweta, MikeSamuel, kpreid2, MarkM, bhackett1024
Base URL:
http://google-caja.googlecode.com/svn/trunk/
Visibility:
Public.

Description

Vulnerability reported at https://bugzilla.mozilla.org/show_bug.cgi?id=1125389#c6 which you may not be able to see. See https://code.google.com/p/google-caja/issues/detail?id=1954 This bug is non-disclosed, causes loss of isolation, and has no known workaround. Thus, this CL, once submitted, will prevent Caja and SES from running on FF35, which is the current release. If this bug becomes public or we are aware that it is being exploited, we should release immediately anyway. Otherwise, I suggest we wait until FF36 is released, which is currently expected on 2/23/2015. At that point Google still considers FF35 a supported browser, until FF37 is released. So submitting this CL after the FF36 release will cause Caja and SES not to run on a Google supported browser.

Patch Set 1 #

Patch Set 2 : Detects a FF35 bug that allows non-extensible objects to be changed. #

Patch Set 3 : Detects a FF35 bug that allows non-extensible objects to be changed. #

Total comments: 2

Patch Set 4 : Detects a FF35 bug that allows non-extensible objects to be changed. #

Patch Set 5 : Detects a FF35 bug that allows non-extensible objects to be changed. #

Patch Set 6 : Detects a FF35 bug that allows non-extensible objects to be changed. #

Patch Set 7 : Detects a FF35 bug that allows non-extensible objects to be changed. #

Patch Set 8 : Detects a FF35 bug that allows non-extensible objects to be changed. #

Total comments: 10

Patch Set 9 : Detects a FF35 bug that allows non-extensible objects to be changed. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+188 lines, -12 lines) Patch
M src/com/google/caja/ses/WeakMap.js View 1 2 3 4 5 6 7 8 1 chunk +11 lines, -0 lines 0 comments Download
M src/com/google/caja/ses/repair-framework.js View 1 2 3 4 3 chunks +8 lines, -5 lines 0 comments Download
M src/com/google/caja/ses/repairES5.js View 1 2 3 4 5 6 7 8 3 chunks +161 lines, -0 lines 0 comments Download
M tests/com/google/caja/ses/test-repair-framework.js View 1 2 3 4 5 6 5 chunks +8 lines, -7 lines 0 comments Download

Messages

Total messages: 23
MarkM
5 years, 7 months ago (2015-02-15 17:33:04 UTC) #1
MarkM
Vulnerability reported at https://bugzilla.mozilla.org/show_bug.cgi?id=1125389#c6 which you may not be able to see. See https://code.google.com/p/google-caja/issues/detail?id=1954 This ...
5 years, 7 months ago (2015-02-15 18:07:31 UTC) #2
MarkM
Vulnerability reported at https://bugzilla.mozilla.org/show_bug.cgi?id=1125389#c6 which you may not be able to see. See https://code.google.com/p/google-caja/issues/detail?id=1954 This ...
5 years, 7 months ago (2015-02-15 21:25:05 UTC) #3
kpreid2
https://codereview.appspot.com/202040043/diff/40001/src/com/google/caja/ses/repairES5.js File src/com/google/caja/ses/repairES5.js (right): https://codereview.appspot.com/202040043/diff/40001/src/com/google/caja/ses/repairES5.js#newcode3216 src/com/google/caja/ses/repairES5.js:3216: if (e instanceof ReferenceError && i === 2000) { ...
5 years, 7 months ago (2015-02-15 22:26:23 UTC) #4
MarkM
Vulnerability reported at https://bugzilla.mozilla.org/show_bug.cgi?id=1125389#c6 which you may not be able to see. See https://code.google.com/p/google-caja/issues/detail?id=1954 This ...
5 years, 7 months ago (2015-02-15 23:46:11 UTC) #5
MarkM
https://codereview.appspot.com/202040043/diff/40001/src/com/google/caja/ses/repairES5.js File src/com/google/caja/ses/repairES5.js (right): https://codereview.appspot.com/202040043/diff/40001/src/com/google/caja/ses/repairES5.js#newcode3216 src/com/google/caja/ses/repairES5.js:3216: if (e instanceof ReferenceError && i === 2000) { ...
5 years, 7 months ago (2015-02-15 23:47:27 UTC) #6
kpreid2
LGTM
5 years, 7 months ago (2015-02-16 00:11:29 UTC) #7
kpreid2
On 2015/02/16 00:11:29, kpreid2 wrote: > LGTM P.S. I still think the test case should ...
5 years, 7 months ago (2015-02-16 00:12:32 UTC) #8
MarkM
On 2015/02/16 00:11:29, kpreid2 wrote: > LGTM Now that this is approved but cannot yet ...
5 years, 7 months ago (2015-02-16 00:38:40 UTC) #9
MarkM
Vulnerability reported at https://bugzilla.mozilla.org/show_bug.cgi?id=1125389#c6 which you may not be able to see. See https://code.google.com/p/google-caja/issues/detail?id=1954 This ...
5 years, 7 months ago (2015-02-16 00:42:05 UTC) #10
MarkM
From the latest info from Mozilla, we now think a repair is possible, so this ...
5 years, 7 months ago (2015-02-16 00:55:10 UTC) #11
MarkM
When doing an ant runtests, in addition to the normal coverage gaps we expect here, ...
5 years, 7 months ago (2015-02-16 05:55:33 UTC) #12
kpreid2
On 2015/02/16 05:55:33, MarkM wrote: > When doing an ant runtests, in addition to the ...
5 years, 7 months ago (2015-02-16 15:50:39 UTC) #13
MarkM
Vulnerability reported at https://bugzilla.mozilla.org/show_bug.cgi?id=1125389#c6 which you may not be able to see. See https://code.google.com/p/google-caja/issues/detail?id=1954 This ...
5 years, 7 months ago (2015-02-16 17:08:44 UTC) #14
MarkM
Vulnerability reported at https://bugzilla.mozilla.org/show_bug.cgi?id=1125389#c6 which you may not be able to see. See https://code.google.com/p/google-caja/issues/detail?id=1954 This ...
5 years, 7 months ago (2015-02-16 17:20:03 UTC) #15
MarkM
On 2015/02/16 15:50:39, kpreid2 wrote: > On 2015/02/16 05:55:33, MarkM wrote: > > When doing ...
5 years, 7 months ago (2015-02-16 17:23:48 UTC) #16
MarkM
Vulnerability reported at https://bugzilla.mozilla.org/show_bug.cgi?id=1125389#c6 which you may not be able to see. See https://code.google.com/p/google-caja/issues/detail?id=1954 This ...
5 years, 7 months ago (2015-02-17 02:44:53 UTC) #17
MarkM
On 2015/02/16 00:55:10, MarkM wrote: > From the latest info from Mozilla, we now think ...
5 years, 7 months ago (2015-02-17 02:47:01 UTC) #18
MarkM
On 2015/02/17 02:47:01, MarkM wrote: > On 2015/02/16 00:55:10, MarkM wrote: > > From the ...
5 years, 7 months ago (2015-02-17 02:53:57 UTC) #19
kpreid2
https://codereview.appspot.com/202040043/diff/120001/src/com/google/caja/ses/repairES5.js File src/com/google/caja/ses/repairES5.js (right): https://codereview.appspot.com/202040043/diff/120001/src/com/google/caja/ses/repairES5.js#newcode31 src/com/google/caja/ses/repairES5.js:31: * require its absence, but the linter doesn't know ...
5 years, 7 months ago (2015-02-17 19:23:07 UTC) #20
MarkM
Vulnerability reported at https://bugzilla.mozilla.org/show_bug.cgi?id=1125389#c6 which you may not be able to see. See https://code.google.com/p/google-caja/issues/detail?id=1954 This ...
5 years, 7 months ago (2015-02-17 22:27:14 UTC) #21
MarkM
https://codereview.appspot.com/202040043/diff/120001/src/com/google/caja/ses/repairES5.js File src/com/google/caja/ses/repairES5.js (right): https://codereview.appspot.com/202040043/diff/120001/src/com/google/caja/ses/repairES5.js#newcode31 src/com/google/caja/ses/repairES5.js:31: * require its absence, but the linter doesn't know ...
5 years, 7 months ago (2015-02-17 22:29:15 UTC) #22
kpreid2
5 years, 7 months ago (2015-02-17 23:59:22 UTC) #23
LGTM
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b