#21962: Segmentation fault with "high" security when changing in about:addons to "Extensions" or "Appearance" -------------------------------------------------+------------------------- Reporter: viktorj | Owner: | arthuredelstein Type: defect | Status: | accepted Priority: Very High | Milestone: Component: Applications/Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-crash, tbb-usability, ff52-esr, | Actual Points: tbb-7.0-must-alpha, TorBrowserTeam201704 | Parent ID: | Points: Reviewer: | Sponsor: | Sponsor4 -------------------------------------------------+-------------------------
Comment (by mcs): Kathy and I tracked down the root cause of the crash (which is also causing SVG images to not appear in about:preferences). Apparently, for some subresource documents, SVG elements are created before the document is attached to the parent window. This causes `NS_SVGEnabledForChannel()` to fail to perform its whitelist check for documents such as `toolkit/mozapps/extensions/content/extensions.xml` (because we end up with a NULL `topDocURI`), which in turn causes SVGs to be disabled at first and later allowed (because ultimately the subresource is part of about:addons, which is whitelisted). I am not sure what changed between Firefox 45 and 52 to cause this problem, but adding a check against the system principal in this specific case seems to fix things. It is also worth noting that Mozilla's patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 uses `IsSystemPrincipal()` checks too. We will post a patch soon. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21962#comment:8> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs