From 35bcf1271237a0467c479115e4b4852e97d5d743 Mon Sep 17 00:00:00 2001
From: Gregor Wagner <anygregor@gmail.com>
Date: Thu, 6 Dec 2012 21:05:53 -0800
Subject: [PATCH] Bug 814156 - Need additional security checks for the
 "permissions" permission. r=sicking

---
 dom/permission/PermissionSettings.jsm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/dom/permission/PermissionSettings.jsm b/dom/permission/PermissionSettings.jsm
index b47b912c5063..7c2dcdbe17af 100644
--- a/dom/permission/PermissionSettings.jsm
+++ b/dom/permission/PermissionSettings.jsm
@@ -108,6 +108,11 @@ this.PermissionSettingsModule = {
     let result;
     switch (aMessage.name) {
       case "PermissionSettings:AddPermission":
+        if (!aMessage.target.assertPermission("permissions")) {
+          Cu.reportError("PermissionSettings message " + msg.name +
+                         " from a content process with no 'permissions' privileges.");
+          return null;
+        }
         this.addPermission(msg);
         break;
     }