summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-4495.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-4495.patch b/gnu/packages/patches/icecat-CVE-2015-4495.patch
new file mode 100644
index 0000000000..e7514d9a5e
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-4495.patch
@@ -0,0 +1,28 @@
+Backported from upstream commits labelled "Bug 1178058" from the esr38 branch
+by Boris Zbarsky <bzbarsky@mit.edu> and Bobby Holley <bobbyholley@gmail.com>.
+
+--- icecat-31.8.0/docshell/base/nsDocShell.cpp
++++ icecat-31.8.0/docshell/base/nsDocShell.cpp
+@@ -1546,12 +1546,21 @@
+ 
+     if (owner && mItemType != typeChrome) {
+         nsCOMPtr<nsIPrincipal> ownerPrincipal = do_QueryInterface(owner);
+-        if (nsContentUtils::IsSystemOrExpandedPrincipal(ownerPrincipal)) {
++        if (nsContentUtils::IsSystemPrincipal(ownerPrincipal)) {
+             if (ownerIsExplicit) {
+                 return NS_ERROR_DOM_SECURITY_ERR;
+             }
+             owner = nullptr;
+             inheritOwner = true;
++        } else if (nsContentUtils::IsExpandedPrincipal(ownerPrincipal)) {
++            if (ownerIsExplicit) {
++                return NS_ERROR_DOM_SECURITY_ERR;
++            }
++            // Don't inherit from the current page.  Just do the safe thing
++            // and pretend that we were loaded by a nullprincipal.
++            owner = do_CreateInstance("@mozilla.org/nullprincipal;1");
++            NS_ENSURE_TRUE(owner, NS_ERROR_FAILURE);
++            inheritOwner = false;
+         }
+     }
+     if (!owner && !inheritOwner && !ownerIsExplicit) {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-01-13 16:24:00 +0000