author | Mark H Weaver <mhw@netris.org> | 2024-11-27 06:37:09 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2024-11-27 06:37:09 -0500 |
commit | 6bc5983b866d7ca03d3c529e0bb8c17ad47afd4d (patch) | |
tree | 84080054c3bd4abd0c8702f7b2f7a84f2bf1fd3c | |
parent | 306c589a92599638c843d32beaa4119961330d6c (diff) |
Fix CVE-2024-11692.
* data/patches/CVE-2024-11692.patch: New file.
-rw-r--r-- | data/patches/CVE-2024-11692.patch | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/data/patches/CVE-2024-11692.patch b/data/patches/CVE-2024-11692.patch
new file mode 100644
index 0000000..393fe5e
--- /dev/null
+++ b/data/patches/CVE-2024-11692.patch
@@ -0,0 +1,61 @@
+Fixes CVE-2024-11692 (Select list elements could be shown over another site)
+Based on <https://hg.mozilla.org/releases/mozilla-esr128/rev/a6cf1a7cd289db4f46cb34f4dd16cce133b25e8d>
+Adapted to ESR 115 by Mark H Weaver <mhw@netris.org>
+
+# HG changeset patch
+# User Edgar Chen <echen@mozilla.com>
+# Date 1730556179 0
+# Node ID a6cf1a7cd289db4f46cb34f4dd16cce133b25e8d
+# Parent e983e8a66e515a2e32497cec1b3ccf439396dadc
+Bug 1909535 - Don't show select dropdown in background tabs; a=dmeehan
+
+Original Revision: https://phabricator.services.mozilla.com/D225706
+
+Differential Revision: https://phabricator.services.mozilla.com/D227607
+
+diff --git a/toolkit/actors/SelectParent.sys.mjs b/toolkit/actors/SelectParent.sys.mjs
+--- a/toolkit/actors/SelectParent.sys.mjs
++++ b/toolkit/actors/SelectParent.sys.mjs
+@@ -273,16 +273,41 @@ export var SelectParentHelper = {
+ }
+
+ this._currentZoom = zoom;
+ this._currentMenulist = menulist;
+ this.populateChildren(menulist, items, uniqueItemStyles, selectedIndex);
+ },
+
+ open(browser, menulist, rect, isOpenedViaTouch, selectParentActor) {
++ const canOpen = (() => {
++ if (!menulist.ownerDocument.hasFocus()) {
++ // Don't open in inactive browser windows.
++ return false;
++ }
++ if (browser) {
++ if (!browser.browsingContext.isActive) {
++ // Don't open in inactive tabs.
++ return false;
++ }
++ let tabbrowser = browser.getTabBrowser();
++ if (tabbrowser && tabbrowser.selectedBrowser != browser) {
++ // AsyncTabSwitcher might delay activating our browser, check
++ // explicitly for tabbrowser.
++ return false;
++ }
++ }
++ return true;
++ })();
++
++ if (!canOpen) {
++ selectParentActor.sendAsyncMessage("Forms:DismissedDropDown", {});
++ return;
++ }
++
+ this._actor = selectParentActor;
+ menulist.hidden = false;
+ this._currentBrowser = browser;
+ this._closedWithEnter = false;
+ this._selectRect = rect;
+ this._registerListeners(menulist.menupopup);
+
+ // Set the maximum height to show exactly MAX_ROWS items.
+ |
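Review bot: The `canOpen` guard added at the top of `open()` fails open when `browser` is falsy: in that case only `menulist.ownerDocument.hasFocus()` is checked, and both the `browsingContext.isActive` and `selectedBrowser` checks are skipped. If that is intentional for callers that have no tab, it should be stated next to the `if (browser) {` line, for example `// No browser (caller without a tab): only the window-focus check applies.`; otherwise it is worth confirming that every ESR 115 caller passes a browser. The patch header also says "Adapted to ESR 115" without saying what differs from the esr128 revision, so a line listing the adaptations would make later audits of this CVE fix easier. The body of `open()` continues past the end of the hunk, so any cleanup after the early return cannot be judged from here.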