From 1f739d1ac35229677e2117186d34beb3bbe83b23 Mon Sep 17 00:00:00 2001
From: Tom Ritter <tom@mozilla.com>
Date: Fri, 4 Aug 2023 15:03:46 +0000
Subject: [PATCH] Bug 1845782: Observe important pref changes for JS hack
 detection r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D184757
---
 dom/security/nsContentSecurityUtils.cpp | 31 +++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/dom/security/nsContentSecurityUtils.cpp b/dom/security/nsContentSecurityUtils.cpp
index 2c54a7975d41..1e68a6c0ccac 100644
--- a/dom/security/nsContentSecurityUtils.cpp
+++ b/dom/security/nsContentSecurityUtils.cpp
@@ -807,6 +807,27 @@ void nsContentSecurityUtils::NotifyEvalUsage(bool aIsSystemPrincipal,
   console->LogMessage(error);
 }
 
+// If we detect that one of the relevant prefs has been changed, reset
+// sJSHacksChecked to cause us to re-evaluate all the pref values.
+// This will stop us from crashing because a user enabled one of these
+// prefs during a session and then triggered the JavaScript load mitigation
+// (which can cause a crash).
+class JSHackPrefObserver final {
+ public:
+  JSHackPrefObserver() = default;
+  static void PrefChanged(const char* aPref, void* aData);
+
+ protected:
+  ~JSHackPrefObserver() = default;
+};
+
+// static
+void JSHackPrefObserver::PrefChanged(const char* aPref, void* aData) {
+  sJSHacksChecked = false;
+}
+
+static bool sJSHackObserverAdded = false;
+
 /* static */
 void nsContentSecurityUtils::DetectJsHacks() {
   // We can only perform the check of this preference on the Main Thread
@@ -827,6 +848,16 @@ void nsContentSecurityUtils::DetectJsHacks() {
   if (MOZ_LIKELY(sJSHacksChecked || sJSHacksPresent)) {
     return;
   }
+
+  static const char* kObservedPrefs[] = {
+      "xpinstall.signatures.required", "general.config.filename",
+      "autoadmin.global_config_url", "autoadmin.failover_to_cached", nullptr};
+  if (MOZ_UNLIKELY(!sJSHackObserverAdded)) {
+    Preferences::RegisterCallbacks(JSHackPrefObserver::PrefChanged,
+                                   kObservedPrefs);
+    sJSHackObserverAdded = true;
+  }
+
   nsresult rv;
   sJSHacksChecked = true;