Security/Sandbox/2016-02-04
From MozillaWiki
« previous week | index | next week »
Windows
- Content Sandboxing
- bug 1193861 - We don't get content processes logged on windows - up for review.
- bug 1219369 - Leak checking does not work in Windows content processes due to being unable to create the bloat log - reviewed, waiting for bug 1193861.
- bug 1173371 - [e10s] Web page is not shown when launch Firefox from network drive on Windows - landed.
- bug 1245309 - D3D11CreateDevice fails with E_FAIL in sandbox - dvander has this on one of his Win10 machines, but he and I can't reproduce anywhere else. He's going to add telemetry to see if the problem is more widespread.
- bug 1236015 - File menu>Print>Microsoft Print to PDF always results in ERROR - this only seems to happen on Win10 (although I need to check Win8). On Win10 (with 32-bit Firefox) instead of creating a low integrity 64-bit spool helper process the Printer Spooler service creates a medium integrity one, but it still picks up the access token settings from the sandboxed job. This helper then gets used by the main process (and other apps as well) and fails because of the USER_INTERACTIVE settings. I think I just need to get rid of print device access from the content process. Fortunately this doesn't block getting low integrity to Aurora, which I thought it was going to.
- bug 1245246 - crash in nsPrintEngine::FirePrintingErrorEvent - user had this while testing bug 1236015 for me. Simple null deref - patch landed, will ask for uplift.
- GMP Sandboxing
- bug 1236680 - Result "not reached" crash in mozilla::gmp::GMPChild::ProcessingError() - I have some working patches, but realised that they won't work in all cases, so they need a bit of re-work.
- NPAPI Sandboxing
- bug 1241250 - Prezi frozen at loading on fresh profile with latest Nightly 64 bits - found debugger version of Flash and posted the error it reports on the bug.
Cross Platform
- WebRTC/OpenH264 Sandboxing
- r+ on Camera permissions verification. Fails tests due to UI behavior change, trying workaround.