Bug 814156 - Need additional security checks for the "permissions" permission. r=sicking
authorGregor Wagner <anygregor@gmail.com>
Thu, 06 Dec 2012 21:05:53 -0800
changeset 120851 a54483a8d0c797439c331e540962b1f785dd0d66
parent 120850 c82c7a4a7ca68ee6f7b2a07ecb869a3a47f7f085
child 120852 44dfb958ad81c536374d28aa6f2d3eb211858be6
push idunknown
push userunknown
push dateunknown
reviewerssicking
bugs814156
milestone20.0a1
Bug 814156 - Need additional security checks for the "permissions" permission. r=sicking
dom/permission/PermissionSettings.jsm
--- a/dom/permission/PermissionSettings.jsm
+++ b/dom/permission/PermissionSettings.jsm
@@ -103,15 +103,20 @@ this.PermissionSettingsModule = {
   receiveMessage: function receiveMessage(aMessage) {
     debug("PermissionSettings::receiveMessage " + aMessage.name);
     let mm = aMessage.target;
     let msg = aMessage.data;
 
     let result;
     switch (aMessage.name) {
       case "PermissionSettings:AddPermission":
+        if (!aMessage.target.assertPermission("permissions")) {
+          Cu.reportError("PermissionSettings message " + msg.name +
+                         " from a content process with no 'permissions' privileges.");
+          return null;
+        }
         this.addPermission(msg);
         break;
     }
   }
 }
 
 PermissionSettingsModule.init();