1 files changed, 47 insertions, 0 deletions

diff --git a/gnu/packages/patches/icecat-CVE-2015-7214.patch b/gnu/packages/patches/icecat-CVE-2015-7214.patch
new file mode 100644
index 0000000000..3a56d3d2cd
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-7214.patch
@@ -0,0 +1,47 @@
+From 487799700b0b676c2c6b95ad33c8afb8dbd329d8 Mon Sep 17 00:00:00 2001
+From: Bobby Holley <bobbyholley@gmail.com>
+Date: Mon, 14 Dec 2015 15:36:20 -0500
+Subject: [PATCH] Bug 1228950 - Disallow scheme sets on nsHostObjectURI. r=bz,
+ a=lizzard
+
+---
+ dom/base/nsHostObjectURI.cpp | 9 +++++++++
+ dom/base/nsHostObjectURI.h   | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/dom/base/nsHostObjectURI.cpp b/dom/base/nsHostObjectURI.cpp
+index 94b02ff..57b0209 100644
+--- a/dom/base/nsHostObjectURI.cpp
++++ b/dom/base/nsHostObjectURI.cpp
+@@ -81,6 +81,15 @@ nsHostObjectURI::Write(nsIObjectOutputStream* aStream)
+                                         true);
+ }
+ 
++NS_IMETHODIMP
++nsHostObjectURI::SetScheme(const nsACString& aScheme)
++{
++  // Disallow setting the scheme, since that could cause us to be associated
++  // with a different protocol handler that doesn't expect us to be carrying
++  // around a principal with nsIURIWithPrincipal.
++  return NS_ERROR_FAILURE;
++}
++
+ // nsIURI methods:
+ nsresult
+ nsHostObjectURI::CloneInternal(nsSimpleURI::RefHandlingEnum aRefHandlingMode,
+diff --git a/dom/base/nsHostObjectURI.h b/dom/base/nsHostObjectURI.h
+index b468d5d..23ff7ab 100644
+--- a/dom/base/nsHostObjectURI.h
++++ b/dom/base/nsHostObjectURI.h
+@@ -34,6 +34,8 @@ public:
+   NS_DECL_NSISERIALIZABLE
+   NS_DECL_NSICLASSINFO
+ 
++  NS_IMETHOD SetScheme(const nsACString &aProtocol) override;
++
+   // Override CloneInternal() and EqualsInternal()
+   virtual nsresult CloneInternal(RefHandlingEnum aRefHandlingMode,
+                                  nsIURI** aClone) override;
+-- 
+2.6.3
+