[Webkit-unassigned] [Bug 153889] New: CustomGetterSetter accessors should only work on objects from the same global object

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 4 13:01:31 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=153889

            Bug ID: 153889
           Summary: CustomGetterSetter accessors should only work on
                    objects from the same global object
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: oliver at apple.com
                CC: cdumez at apple.com

In order to be safe from information leakage we should make the CustomGetterSetter functions require that the |this| object and the argument (in the case of setters) be from the same origin as the getter/setter function itself.

This is simply a guaranteed hardening against leakage, and as we haven't historically exposed this kind of information it can't be a regression.

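The check proposed in the report, sketched as an added example. This is a simplified model, not JavaScriptCore source and not code from the bug. All type and member names are hypothetical, and it assumes, following the bug title, that "same origin" is decided by comparing global-object identity.

```cpp
#include <cstdio>
#include <string>

// Hypothetical stand-in for a per-frame global object (realm).
struct GlobalObject { std::string name; };

// Hypothetical object that records the global object it was created in.
struct Object {
    const GlobalObject* global;
    std::string state;   // data a custom accessor would expose
};

enum class Access { Ok, CrossGlobalRejected };

// Model of a custom accessor pair that remembers its own global object.
struct CustomGetterSetter {
    const GlobalObject* global;

    bool sameGlobal(const Object& o) const { return o.global == global; }

    // Getter: refuse a |this| that belongs to a different global object,
    // so a borrowed getter cannot read state out of a foreign object.
    Access get(const Object& thisObj, std::string& out) const {
        if (!sameGlobal(thisObj))
            return Access::CrossGlobalRejected;
        out = thisObj.state;
        return Access::Ok;
    }

    // Setter: both |this| and the argument must come from our global object.
    Access set(Object& thisObj, const Object& value) const {
        if (!sameGlobal(thisObj) || !sameGlobal(value))
            return Access::CrossGlobalRejected;
        thisObj.state = value.state;
        return Access::Ok;
    }
};

int main() {
    // Constructed scenario: two frames, accessor defined in frame A.
    GlobalObject frameA{"frame-A"}, frameB{"frame-B"};
    Object objA{&frameA, "a-state"}, objB{&frameB, "b-state"};
    CustomGetterSetter accessor{&frameA};
    std::string out;
    std::printf("same global:  %s\n", accessor.get(objA, out) == Access::Ok ? "allowed" : "rejected");
    std::printf("cross global: %s\n", accessor.get(objB, out) == Access::Ok ? "allowed" : "rejected");
    return 0;
}
```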