Re: my research and documentation on capabilities.policy

2008-10-09 Thread Michael Vincent van Rantwijk, MultiZilla
Boris Zbarsky wrote:
> Michael Vincent van Rantwijk, MultiZilla wrote:
>> Right, so the properties that should be checked will still be checked,
>> just to be sure nobody opens a can of worms.
>
> Yeah; the goal is to minimize the number of security checks while still
>

Re: my research and documentation on capabilities.policy

2008-10-05 Thread Michael Vincent van Rantwijk, MultiZilla
Boris Zbarsky wrote:
> Michael Vincent van Rantwijk, MultiZilla wrote:
>> nsScriptSecurityManager is going to die?
>
> No, security checks on every single DOM property access are going to die.

Right, so the properties that should be checked will still be checked, just to be sure

Re: my research and documentation on capabilities.policy

2008-10-04 Thread Michael Vincent van Rantwijk, MultiZilla
Boris Zbarsky wrote:
> [EMAIL PROTECTED] wrote:
>> capabilities.policy..ClassID. source:
>> http://mxr.mozilla.org/firefox2/source/caps/src/nsScriptSecurityManager.cpp#2870
>>
>>
>> (I'm going to guess this can be used to kill things with a GUID-like
>> number (IID? UUID?), most likely XPCOM comp

I think I found a security (related) bug so now what?

2007-08-23 Thread Michael Vincent van Rantwijk, MultiZilla
I think I found a security (related) bug so now what?

Note: POC available.

--
Michael Vincent van Rantwijk
- MultiZilla Project Team Lead
- XUL Boot Camp Staff member (ActiveState Training Partner)
- iPhone Application Developer