Definitely looks interesting to me. For severity: presumably S2 as this allows at least crashing the browser from JS extension code? I'm not really familiar with the C++ code at this level, so can't say if the GC could/should avoid dropping the DocumentL10n in this case. Also, this might be a bit naive, but would checking `if (this == NULL) { return; }` after returning to TriggerInitialTranslation work to avoid the crash?
Bug 1751609 Comment 9 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Definitely looks interesting to me. For severity: presumably S2 as this allows at least crashing the browser from JS extension code? I'm not really familiar with the C++ code at this level, so can't say if the GC could/should avoid dropping the DocumentL10n in this case. Also, this might be a bit naive, but would checking `if (this == NULL) { return; }` after returning to TriggerInitialTranslation work to avoid the crash?

Edit: Realised that you probably meant a sec-severity rating? For that I'd presume sec-moderate, as this (almost certainly) can't be triggered without at least a compromised extension.