summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeLines
* Merge pull request #791 from g4jc/session_supercookieMoonchild2018-09-27-101/+238
|\ | | | | Issue #792 - backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across origins
| * backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across ↵Gaming4JC2018-09-25-101/+238
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | origins Potential attack: session supercookie. [Moz Notes](https://bugzilla.mozilla.org/show_bug.cgi?id=1334776#c5): "The problem is that for unknown header names we store the first one we see and then later we case-insensitively match against that name *globally*. That means you can track if a user agent has already seen a certain header name used (by using a different casing and observing whether it gets normalized). This would allow you to see if a user has used a sensitive service that uses custom header names, or allows you to track a user across sites, by teaching the browser about a certain header case once and then observing if different casings get normalized to that. What we should do instead is only store the casing for a header name for each header list and not globally. That way it only leaks where it's expected (and necessary) to leak." [Moz fix note](https://bugzilla.mozilla.org/show_bug.cgi?id=1334776#c8): "nsHttpAtom now holds the old nsHttpAtom and a string that is case sensitive (only for not standard headers). So nsHttpAtom holds a pointer to a header name. (header names are store on a static structure). This is how it used to be. I left that part the same but added a nsCString which holds a string that was used to resoled the header name. So when we parse headers we call ResolveHeader with a char*. If it is a new header name the char* will be stored in a HttpHeapAtom, nsHttpAtom::_val will point to HttpHeapAtom::value and the same strings will be stored in mLocalCaseSensitiveHeader. For the first resolve request they will be the same but for the following maybe not. At the end this nsHttpAtom will be stored in nsHttpHeaderArray. For all operation we will used the old char* except when we are returning it to a script using VisitHeaders."
* | Merge pull request #789 from g4jc/sha256_leakfixMoonchild2018-09-27-14/+8
|\ \ | | | | | | backport mozbug 1444532 - fix a leak in SHA256 in nsHttpConnectionInfo.cpp r=mayhemer
| * | backport mozbug 1444532 - fix a leak in SHA256 in nsHttpConnectionInfo.cpp ↵Gaming4JC2018-09-26-14/+8
| |/ | | | | | | | | | | | | | | r=mayhemer The original code (from bug 1200802) declared an XPCOM object as a static bare pointer, which for future reference is probably never the right thing to do. It might have worked if it was cleared before shutdown but it never was.
* | Build nsJSInspector regardless of devtoolsMatt A. Tobin2018-09-26-14/+23
| |
* | Merge pull request #790 from g4jc/nsSOCKSIOLayer_nullptrMoonchild2018-09-26-0/+1
|\ \ | | | | | | backport mozbug 1344613 - Avoid possibility of null pointer crash in nsSOCKSIOLayer.cpp r=mayhemer
| * | backport mozbug 1344613 - Avoid possibility of null pointer crash in ↵Gaming4JC2018-09-25-0/+1
| |/ | | | | | | nsSOCKSIOLayer.cpp r=mayhemer
* | Merge pull request #788 from alaviss/apz-experimentalMoonchild2018-09-26-5/+10
|\ \ | |/ |/| gfx: add pref for enabling APZ without e10s
| * gfx: add pref for enabling APZ without e10sLeorize2018-09-25-5/+10
| |
* | Merge branch 'master' of https://github.com/MoonchildProductions/UXPwolfbeast2018-09-25-2/+0
|\|
| * Merge pull request #786 from JustOff/PR_auth_dialog_overflowMoonchild2018-09-24-2/+0
| |\ | | | | | | Remove window.sizeToContent() from commonDialog.js, as it's useless and leads to overflow in the basic auth dialog
| | * Remove window.sizeToContent() from commonDialog.js, as it's useless and ↵JustOff2018-09-23-2/+0
| |/ | | | | | | leads to overflow in the basic auth dialog
* / Regression fix: enable ICC v4 profiles by default.wolfbeast2018-09-25-1/+1
|/
* Remove code that prevents binary extensionsMatt A. Tobin2018-09-23-13/+0
|
* Update list of IDs to never send to AUS in AddonUpdateChecker.jsmMatt A. Tobin2018-09-23-5/+6
|
* Use SSM's createCodebasePrincipalFromOrigin() instead of the nonexistent ↵wolfbeast2018-09-22-2/+2
| | | | | | BrowserUtils.principalFromOrigin() This resolves #734.
* Merge pull request #782 from trav90/class-memaccess-errorsMoonchild2018-09-21-19/+31
|\ | | | | Fix more -Wclass-memaccess warnings (part 3)
| * Rename TypeSet::clone to TypeSet::cloneIntoUninitialized to indicate that it ↵trav902018-09-19-9/+11
| | | | | | | | | | | | freshly initializes the TemporaryTypeSet* provided to it. Also removes existing code that, quite unnecessarily, partly initialized that argument.
| * Don't use PodCopy/PodMove to implement typed-array element-to-element copyingtrav902018-09-19-4/+17
| | | | | | | | Standard std::copy and std::copy_n are readily optimized to the same thing, and they don't have a non-obvious requirement that the type being copied be trivial.
| * Give uint8_clamped a defaulted (and also trivial) default constructor, copy ↵trav902018-09-19-6/+3
| | | | | | | | | | | | constructor, and copy-assignment operator. This also allows uint8_clamped to be permissibly memmove'd and memcpy'd.
* | Merge pull request #781 from JustOff/PR_fileExecutableSecurityWarningMoonchild2018-09-20-0/+3
|\ \ | |/ |/| [PALEMOON] Restore strings mistakenly removed from downloads.properties
| * [PALEMOON] Restore strings mistakenly removed by ↵JustOff2018-09-20-0/+3
|/ | | | [8be0c16be614d54183ee3d4877e2243cb9e468c8]
* Merge pull request #778 from MihailZenkov/masterMoonchild2018-09-20-4/+8
|\ | | | | Fix timer overflow on converting from sec to msec in idleService
| * Fix timer overflow on converting from sec to msec in idleServiceMihail Zenkov2018-09-20-4/+8
|/
* Add a null check in nsHttpTransaction::Close.wolfbeast2018-09-19-1/+3
| | | | This resolves #776.
* Merge branch 'worker-fix'wolfbeast2018-09-18-54/+44
|\
| * Send worker-runnables destined for the main thread actually to the main thread.wolfbeast2018-09-16-9/+18
| | | | | | | | | | | | A case of "one queue too many" here. Instead of worker runnables being sent to the main thread where they are supposed to run, they are put in a task queue per-worker. This is devastating for performance if many workers are running.
| * Stop using the worker MainThreadTaskQueue from dom/fetch.wolfbeast2018-09-16-9/+3
| |
| * Stop using the MainThreadTaskQueue from service workers.wolfbeast2018-09-16-36/+23
| |
* | Rewrite the Code of Conduct document.wolfbeast2018-09-18-28/+33
| | | | | | | | This is a rewrite of the document by Moonchild. Although the rough layout of the previous document is maintained, it is a significantly expanded and rewritten version no longer related to the contributor-covenant version that was initially used.
* | Use SessionStore.promiseInitialized() to avoid race condition in ↵JustOff2018-09-17-5/+12
| | | | | | | | | | | | | | | | "about:home" (#774) * Use SessionStore.promiseInitialized() to avoid race condition in "about:home" * Improve code style of [d6c3adb91c9f29786f8ed8d93baa14c076494017]
* | New cycle version bump.wolfbeast2018-09-17-1/+1
| |
* | Merge pull request #770 from JustOff/PR_bgtab_notifyMoonchild2018-09-17-6/+35
|\ \ | | | | | | Skip notifications for background tabs when restoring a session in Pale Moon and Basilisk
| * | [BASILISK] Skip notifications for background tabs when restoring a sessionJustOff2018-09-16-3/+18
| | |
| * | [PALEMOON] Skip notifications for background tabs when restoring a sessionJustOff2018-09-16-3/+17
|/ /
* | Merge pull request #767 from trav90/class-memaccess-errorsMoonchild2018-09-16-98/+77
|\ \ | |/ |/| Fix more -Wclass-memaccess warnings (part 2)
| * Don't memset-zero the BacktrackingAllocator::vregs array of non-trivial ↵trav902018-09-12-15/+11
| | | | | | | | VirtualRegister instances
| * Call memset on a void*, not a T*, in js_delete_poison to avoid ↵trav902018-09-12-1/+1
| | | | | | | | memset-on-nontrivial warnings with gcc that don't matter for an object whose lifetime is about to end
| * Initialize some asm.js structures using in-class initializers instead of PodZerotrav902018-09-12-9/+9
| |
| * Stop using PodZero in several places to initialize values of non-trivial typetrav902018-09-12-73/+56
| |
* | Fix wrong SVG sizes with non-integer values for viewBox width/height.wolfbeast2018-09-14-4/+180
| | | | | | | | Includes a standalone reftest.
* | Merge branch 'master' of https://github.com/MoonchildProductions/UXPwolfbeast2018-09-12-1799/+3198
|\|
| * Update HSTS preload listtrav902018-09-11-1799/+3198
| | | | | | | | Tag #447
* | Fix clang build bustage.wolfbeast2018-09-12-1/+1
| | | | | | | | Follow-up to 9830cd079d8306abc223461190553af64b6fd0ca
* | Flush some more buildlog output to screen when prudent.wolfbeast2018-09-12-0/+2
|/
* Merge branch 'fbgw'wolfbeast2018-09-11-126/+77
|\
| * Add findbar.termPerTabwolfbeast2018-09-09-1/+5
| | | | | | | | Allow the pref to switch between global search term and per-tab search term
| * Ensure the findbar target content browser follows the active tab.wolfbeast2018-09-09-0/+5
| |
| * Revert "Minimal easy fix -- move findbar getters to tabbrowser."wolfbeast2018-09-09-48/+14
| | | | | | | | This reverts commit fb291846a59f9b8eaf8bba29e0d9794893e895bf.
| * Revert "Transfer findbar data to torn-off tabs."wolfbeast2018-09-09-11/+0
| | | | | | | | This reverts commit 333142b5af61c3fd67ad4e79467c03efb3641b20.