Submitted By:            Douglas R. Reno <renodr at linuxfromscratch dot org>
Date:                    2022-05-26
Initial Package Version: 2.53.12
Origin:                  Self
Upstream Status:         Not Applied, but backport submitted
Description:             Fixes CVE-2022-1802 in Seamonkey, which is an actively
                         exploited remote code execution vulnerability in the
                         JavaScript subsystem. This has been rated by Critical as
                         upstream, and backports the fix for this bug in Firefox.
                         This has been submitted to upstream as TESTED.


diff -Naurp seamonkey-2.53.12.orig/dom/notification/NotificationDB.jsm seamonkey-2.53.12/dom/notification/NotificationDB.jsm
--- seamonkey-2.53.12.orig/dom/notification/NotificationDB.jsm	2020-02-17 17:37:49.000000000 -0600
+++ seamonkey-2.53.12/dom/notification/NotificationDB.jsm	2022-05-25 23:30:32.958137137 -0500
@@ -43,8 +43,8 @@ var NotificationDB = {
       return;
     }
 
-    this.notifications = {};
-    this.byTag = {};
+    this.notifications = Object.create(null);
+    this.byTag = Object.create(null);
     this.loaded = false;
 
     this.tasks = []; // read/write operation queue
@@ -76,22 +76,23 @@ var NotificationDB = {
   },
 
   filterNonAppNotifications: function(notifications) {
+    let result = Object.create(null);
     for (let origin in notifications) {
+      result[origin] = Object.create(null);
       let persistentNotificationCount = 0;
       for (let id in notifications[origin]) {
         if (notifications[origin][id].serviceWorkerRegistrationScope) {
           persistentNotificationCount++;
-        } else {
-          delete notifications[origin][id];
+          result[origin][id] = notifications[origin][id];
         }
       }
       if (persistentNotificationCount == 0) {
         if (DEBUG) debug("Origin " + origin + " is not linked to an app manifest, deleting.");
-        delete notifications[origin];
+        delete result[origin];
       }
     }
 
-    return notifications;
+    return result;
   },
 
   // Attempt to read notification file, if it's not there we will create it.
@@ -108,7 +109,7 @@ var NotificationDB = {
         // populate the list of notifications by tag
         if (this.notifications) {
           for (var origin in this.notifications) {
-            this.byTag[origin] = {};
+            this.byTag[origin] = Object.create(null);
             for (var id in this.notifications[origin]) {
               var curNotification = this.notifications[origin][id];
               if (curNotification.tag) {
@@ -310,8 +311,8 @@ var NotificationDB = {
     var origin = data.origin;
     var notification = data.notification;
     if (!this.notifications[origin]) {
-      this.notifications[origin] = {};
-      this.byTag[origin] = {};
+      this.notifications[origin] = Object.create(null);
+      this.byTag[origin] = Object.create(null);
     }
 
     // We might have existing notification with this tag,