NoMoXSS - No More XSS attacks
Build Documentation
To build the Mozilla Firefox with the XSS prevention modification you need:
I sucessfully built the system on the following systems:
- Windows: Windows XP Professional Service Pack 2, Visual Studio 2003 (later Visual Studio 2005 Express), and Cygwin
- Linux:
- Debian Sarge
- Mandriva Linux 10.2 (Limited Edition 2005)
If there is a problem building the modified Mozilla Firefox web browser or you have suggestions to improve the build instructions, send me an email: pvogt@seclab.tuwien.ac.at
Windows Build
Read the mozilla.org instructions first: Windows Build Prerequisites on the 1.7 and 1.8 Branches - MDC
I used a directory structure like:
- d:\mozilla-src is the main directory
- d:\mozilla-src\mozilla contains the sources
- d:\mozilla-src\moztools contains the moztools package
- d:\mozilla-src\vc71 contains glib/libIDL for MSVC7/7.1
- "D:\Microsoft Visual Studio .NET 2003" contains the installed version of Visual Studio 2003
- d:\cygwin contains the installation of Cygwin
Use the following cygwin packages (I had problems with newer packages):
To build the web browser use the following steps:
- Extract the Firefox source to d:\mozilla-src\mozilla
- Copy the patch file to d:\mozilla-src
- Start a cygwin shell, change to d:\mozilla-src\mozilla directory
- Test the patch:
/usr/bin/patch.exe -p1 -u --dry-run < xss.patch
If everything looks good, apply the patch.
/usr/bin/patch.exe -p1 -u < xss.patch
- Create d:\mozilla-src\.mozconfig (use cygwin to create a file starting with a dot!)
- Exit the cygwin shell and start a windows command shell (cmd.exe)
- Copy mozset.bat to d:\mozilla-src\ (adapt it if necessary) and call it to set the environment variables
- Create d:\mozilla-src\mozilla\browser\config\mozconfig file.
- Remove or adapt the line
MOZ_OBJDIR = d:/mozilla-src/mozilla/firefox_obj_dir in d:\mozilla-src\mozilla\client.mk
- Start the build process in a Windows command window with:
make -f client.mk build
To clean use: make -f client.mk distclean
If you do not want a debug-build remove the line:
set MOZ_DEBUG=1
from the mozset.bat and remove the line
ac_add_options --enable-debug from d:\mozilla-src\.mozconfig
Linux Build
Read the mozilla.org instructions first: Build and Install - MDC
For a Linux build use GTK2 and XFT in the mozconfig, because GTK was very unstable in my tests.
and do the following steps:
- Set the environment variable for mozconfig (e.g., MOZCONFIG=~/build/mozilla-src/mozilla/mozconfig)
- Remove or adapt the line
MOZ_OBJDIR = d:/mozilla-src/mozilla/firefox_obj_dir in client.mk
- Start the build with
make -f client.mk build
Compile errors
If the following error occurs, make sure that you have set the MOZ_OBJDIR in client.mk or remove the line!
> make -f client.mk build
client.mk:760: *** multiple target patterns. Stop.
When building the web browser, the following error may stop the build process if an object directory with MOZ_OBJDIR is set:
In file included from ../../../../js/src/xsstaint.h:4,
from ../../../dist/include/string/nsTAString.h:41,
from ../../../dist/include/string/nsAString.h:57,
from /home/mozilla-src/mozilla/xpcom/string/src/nsAString.cpp:39:
../../../../js/src/jstypes.h:221:71: jsautocfg.h: No such file or directory
the jsautocfg.h file needs to be copied from the MOZ_OBJDIR/js/src directory to the $topsrcdir/js/src directory ($topsrcdir refers to the directory where the Mozilla Firefox source can be found).
Last Modified: Wed Mar 29 11:41:02 CEST 2006
|