a5e55dfbb7
* gnu/packages/patches/icecat-CVE-2015-4495.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patch. Move the 'patches' field above the snippet.
29 lines
1.2 KiB
Diff
29 lines
1.2 KiB
Diff
Backported from upstream commits labelled "Bug 1178058" from the esr38 branch
|
|
by Boris Zbarsky <bzbarsky@mit.edu> and Bobby Holley <bobbyholley@gmail.com>.
|
|
|
|
--- icecat-31.8.0/docshell/base/nsDocShell.cpp
|
|
+++ icecat-31.8.0/docshell/base/nsDocShell.cpp
|
|
@@ -1546,12 +1546,21 @@
|
|
|
|
if (owner && mItemType != typeChrome) {
|
|
nsCOMPtr<nsIPrincipal> ownerPrincipal = do_QueryInterface(owner);
|
|
- if (nsContentUtils::IsSystemOrExpandedPrincipal(ownerPrincipal)) {
|
|
+ if (nsContentUtils::IsSystemPrincipal(ownerPrincipal)) {
|
|
if (ownerIsExplicit) {
|
|
return NS_ERROR_DOM_SECURITY_ERR;
|
|
}
|
|
owner = nullptr;
|
|
inheritOwner = true;
|
|
+ } else if (nsContentUtils::IsExpandedPrincipal(ownerPrincipal)) {
|
|
+ if (ownerIsExplicit) {
|
|
+ return NS_ERROR_DOM_SECURITY_ERR;
|
|
+ }
|
|
+ // Don't inherit from the current page. Just do the safe thing
|
|
+ // and pretend that we were loaded by a nullprincipal.
|
|
+ owner = do_CreateInstance("@mozilla.org/nullprincipal;1");
|
|
+ NS_ENSURE_TRUE(owner, NS_ERROR_FAILURE);
|
|
+ inheritOwner = false;
|
|
}
|
|
}
|
|
if (!owner && !inheritOwner && !ownerIsExplicit) {
|