Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
loadinfo: security issue. Messages in error console.
11 views
Skip to first unread message
ishikawa
Feb 13, 2015, 12:42:35 AM2/13/15
to
A few months ago we had this issue of loadinfo (for security management)
not properly handled in TB, and broke compilation, triggering assertsions, etc.
We had temporary workaround which got us going forward at least
compilation-wise.
This week I noticed that there are warnings in error console of production
TB usage on an office computer.
TB 31.4.0 (under linux.)
I am quoting the messages below.
Sorry I am using Japanese locale and the warning is in Japanese:
セキュリティエラー: moz-nullprincipal:{879c3a15-8576-4f35-9729-71775bbda840}
のコンテンツが
mailbox:///new-hd1/extra/ishikawa/MAIL-DIR/Mail/xxx.yyy.zzz/Inbox?number=1595711403&header=filter&part=1.2&filename=mail_top.gif
を読み込みまたはリンクすることは禁止されています。
"セキュリティエラー:" is "Security Error:".
It basically says, content associated with
the one-size-fit-all moz-nullprincipal is not good enough to
access a data in the local memory storage (mailbox URL above) : in this
case, mail_top.gif.
xxx.yyy.zzz actually is an ISP name, I changed it for privacy reasons.
Funny, there are many such warnings, but all seem to point to the access of
gif or jpg inline (?) image. Could it be that these are part of HTML
messages I receive?
Oh wait, I saw a series of warnings as follows:
セキュリティエラー: moz-nullprincipal:{cc67a73b-5f62-4064-b3c5-221a9bba6ace}
のコンテンツが about:blank を読み込みまたはリンクすることは禁止されています。
(If I filter the display of error/warning/messages to show only "messages",
similar messages appear in succession at the beginning, but the uuid part
[cc67a73b-5f62-4064-b3c5-221a9bba6ace]
is different slightly. Upon closer inspection,
the similar messages appear with different UUID.
There are two messages with the same UUID, then
three messages with the same UUID of different value,
three more messages with the same UUID of still another value,
and one more message with another different UUID.
The quoted message above is the last one in the series.)
The messaage says something about a content with moz-nullprincipal is
prohimited to read or link to "about:blank" (!?) I think about:blank is
shown at the start up or maybe a newly createad tab or something.
I did not realize that moz-nullprincipal had different UUID value for
different incarnation.
Maybe creating nullprincipal on the fly is not a good idea (maybe we should
create a global nullprinicpal at the beginning and use it universally?).
I have no idea what to make of the messages, but given that the security
mechanism was introduced
to implement stricter checking, we may be in trouble over the long term
(like not being able to
load messages properly.)
TIA
not properly handled in TB, and broke compilation, triggering assertsions, etc.
We had temporary workaround which got us going forward at least
compilation-wise.
This week I noticed that there are warnings in error console of production
TB usage on an office computer.
TB 31.4.0 (under linux.)
I am quoting the messages below.
Sorry I am using Japanese locale and the warning is in Japanese:
セキュリティエラー: moz-nullprincipal:{879c3a15-8576-4f35-9729-71775bbda840}
のコンテンツが
mailbox:///new-hd1/extra/ishikawa/MAIL-DIR/Mail/xxx.yyy.zzz/Inbox?number=1595711403&header=filter&part=1.2&filename=mail_top.gif
を読み込みまたはリンクすることは禁止されています。
"セキュリティエラー:" is "Security Error:".
It basically says, content associated with
the one-size-fit-all moz-nullprincipal is not good enough to
access a data in the local memory storage (mailbox URL above) : in this
case, mail_top.gif.
xxx.yyy.zzz actually is an ISP name, I changed it for privacy reasons.
Funny, there are many such warnings, but all seem to point to the access of
gif or jpg inline (?) image. Could it be that these are part of HTML
messages I receive?
Oh wait, I saw a series of warnings as follows:
セキュリティエラー: moz-nullprincipal:{cc67a73b-5f62-4064-b3c5-221a9bba6ace}
のコンテンツが about:blank を読み込みまたはリンクすることは禁止されています。
(If I filter the display of error/warning/messages to show only "messages",
similar messages appear in succession at the beginning, but the uuid part
[cc67a73b-5f62-4064-b3c5-221a9bba6ace]
is different slightly. Upon closer inspection,
the similar messages appear with different UUID.
There are two messages with the same UUID, then
three messages with the same UUID of different value,
three more messages with the same UUID of still another value,
and one more message with another different UUID.
The quoted message above is the last one in the series.)
The messaage says something about a content with moz-nullprincipal is
prohimited to read or link to "about:blank" (!?) I think about:blank is
shown at the start up or maybe a newly createad tab or something.
I did not realize that moz-nullprincipal had different UUID value for
different incarnation.
Maybe creating nullprincipal on the fly is not a good idea (maybe we should
create a global nullprinicpal at the beginning and use it universally?).
I have no idea what to make of the messages, but given that the security
mechanism was introduced
to implement stricter checking, we may be in trouble over the long term
(like not being able to
load messages properly.)
TIA
0 new messages