← Back to branch summary

~ubuntu-branches/ubuntu/feisty/firefox/feisty-security

« back to all changes in this revision

Viewing changes to js/src/xpconnect/src/nsXPConnect.cpp

  • Committer: Bazaar Package Importer
  • Author(s): Alexander Sack
  • Date: 2008-02-04 13:35:29 UTC
  • mfrom: (1.1.21 upstream)
  • Revision ID: james.westby@ubuntu.com-20080204133529-0pyfe6dcs1tlhkhb
Tags: 2.0.0.12+1nobinonly+2-0ubuntu0.7.4
* New stability upstream release (v2.0.0.12)
* New security/stability upstream release (v2.0.0.12) - 1.8.0.14 prepatches
* MFSA 2008-01 aka CVE-2008-0412: Crashes with evidence of memory corruption
  v1.8.1.12 (Browser crashes)
* MFSA 2008-01 aka CVE-2008-0413: Crashes with evidence of memory corruption
  v1.8.1.12 (javascript crashes)
* MFSA 2008-02 aka CVE-2008-0414: Multiple file input focus stealing
  vulnerabilities: 1. Focus shifting bugs and 2. Selective keystroke blocking
  bugs
* MFSA 2008-03 aka CVE-2008-0415: Privilege escalation, XSS, Remote Code
  Execution (JavaScript privilege escalation bugs)
* MFSA 2008-04 aka CVE-2008-0416: Multiple XSS vulnerabilities from
  character encoding
* MFSA 2008-05 aka CVE-2008-0417: Stored password corruption
* MFSA 2008-06 aka CVE-2008-0418: Directory traversal via chrome: URI
* MFSA 2008-07 aka CVE-2008-0419: Web browsing history and forward navigation
  stealing
* MFSA 2008-08 aka CVE-2008-0420: Possible information disclosure in BMP
  decoder
* MFSA 2008-09 aka CVE-2008-0591: File action dialog tampering
* MFSA 2008-10 aka CVE-2008-0592: Mishandling of locally-saved plain text
  files
* MFSA 2008-11 aka CVE-2008-0593: URL token stealing via stylesheet redirect
* MFSA 2008-12 aka CVE-2008-0594: Web forgery overwrite with div overlay

Show diffs side-by-side

added added

removed removed

Lines of Context:
js/src/xpconnect/src/nsXPConnect.cpp
45
45
#include "xpcprivate.h"
46
46
#include "XPCNativeWrapper.h"
47
47
 
48
 
NS_IMPL_THREADSAFE_ISUPPORTS4(nsXPConnect,
 
48
NS_IMPL_THREADSAFE_ISUPPORTS5(nsXPConnect,
49
49
                              nsIXPConnect,
50
50
                              nsIXPConnect_MOZILLA_1_8_BRANCH,
 
51
                              nsIXPConnect_MOZILLA_1_8_BRANCH2,
51
52
                              nsISupportsWeakReference,
52
53
                              nsIEventQueueListener)
53
54
 
1234
1235
#endif /* XPCONNECT_STANDALONE */
1235
1236
}
1236
1237
 
 
1238
// nsIXPConnect_MOZILLA_1_8_BRANCH version.
1237
1239
NS_IMETHODIMP
1238
1240
nsXPConnect::EvalInSandboxObject(const nsAString& source, JSContext *cx,
1239
1241
                                 nsIXPConnectJSObjectHolder *sandbox,
1240
1242
                                 jsval *rval)
1241
1243
{
 
1244
    return EvalInSandboxObject2(source, cx, sandbox, PR_FALSE, rval);
 
1245
}
 
1246
 
 
1247
// nsIXPConnect_MOZILLA_1_8_BRANCH2 version.
 
1248
NS_IMETHODIMP
 
1249
nsXPConnect::EvalInSandboxObject2(const nsAString& source, JSContext *cx,
 
1250
                                  nsIXPConnectJSObjectHolder *sandbox,
 
1251
                                  PRBool returnStringOnly, jsval *rval)
 
1252
{
1242
1253
#ifdef XPCONNECT_STANDALONE
1243
1254
    return NS_ERROR_NOT_AVAILABLE;
1244
1255
#else /* XPCONNECT_STANDALONE */
1250
1261
    NS_ENSURE_SUCCESS(rv, rv);
1251
1262
 
1252
1263
    return xpc_EvalInSandbox(cx, obj, source,
1253
 
                             NS_ConvertUTF16toUTF8(source).get(), 1, rval);
 
1264
                             NS_ConvertUTF16toUTF8(source).get(), 1,
 
1265
                             returnStringOnly, rval);
1254
1266
#endif /* XPCONNECT_STANDALONE */
1255
1267
}
1256
1268