From 0d51972581ebffc30f75ea2cc65007e2d511aa9c Mon Sep 17 00:00:00 2001
From: Blake Kaplan <mrbkap@gmail.com>
Date: Thu, 14 Oct 2010 16:57:56 -0700
Subject: [PATCH] Bug 604368 - Protect against the this translator returning a
 this object from another domain. r=peterv

--HG--
extra : rebase_source : cf6f17e100d0b2fc1cef483e3480757f636d877a
---
 js/src/xpconnect/src/xpcwrappedjsclass.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/js/src/xpconnect/src/xpcwrappedjsclass.cpp b/js/src/xpconnect/src/xpcwrappedjsclass.cpp
index ed890a60bb3c..56c8147e71e0 100644
--- a/js/src/xpconnect/src/xpcwrappedjsclass.cpp
+++ b/js/src/xpconnect/src/xpcwrappedjsclass.cpp
@@ -1442,6 +1442,8 @@ nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS* wrapper, uint16 methodIndex,
                                     goto pre_call_clean_up;
                                 }
                                 thisObj = JSVAL_TO_OBJECT(v);
+                                if(!JS_WrapObject(cx, &thisObj))
+                                    goto pre_call_clean_up;
                             }
                         }
                     }