漏洞ID: Bug 754044 (CVE-2012-1959) 漏洞标题: Same-compartment security wrappers can be trivially bypassed by passing them to another compartment 漏洞状态: Closed 漏洞类型: defect 产品/组件: XPConnect 优先级: Not set 严重性: normal 关键信息: - 漏洞描述: 同隔间安全包装可以通过传递给另一个隔间轻松绕过, 导致安全风险。 - 影响版本: Firefox 3+, Firefox 15+, Firefox 16 - 修复版本: Firefox 14+ - 相关补丁: - Part 1 - Pass stopAtOuter=false in GetWrappedNativeOfJSObject, because that's what we mean. v1 - Part 2 - Alter the semantics of UnwrapObject{,Checked} to check for outer windows on the initial wrapper passed. v1 - Part 3 - Simplify the logic surrounding the prewrap callback in jscompartment.cpp. v1 - Part 4 - Introduce sameCompartmentWrapObjectCallback. v1 - Part 5 - Apply same-compartment security wrappers in same-compartment wrapping callback. v1 - Part 6 - Remove manual injection of same-compartment security wrappers, and make sure to call JS_Wrap instead. v1 - 修复者: Bobby Holley (:bholley) - 发现者: Bobby Holley (:bholley) 讨论及修复过程**: 多名开发者对漏洞进行了分析和讨论, 并通过多个补丁逐步修复了漏洞。在修复过程中考虑了不同版本的兼容性和安全性, 最终在 Firefox 14 及其后续版本中成功解决了该问题。