(In reply to Andrew McCreight [:mccr8] from comment #5)
> Thanks for the patch, Botond. Do you think a malicious web page might be able to reliably cause this invalidation to happen?

A page does have some level of control over how many times this function will recurse (a more deeply nested element that's doing something like a smooth-scroll animation will mean more levels of recursion), and the chances of accessing an invalid iterator increase with more levels. I'm less sure about what a page would have to do to actually exploit the invalidation.
Bug 1660211 Comment 7 Edit History
(In reply to Andrew McCreight [:mccr8] from comment #5)
> Thanks for the patch, Botond. Do you think a malicious web page might be able to reliably cause this invalidation to happen?

A page does have some level of control over how many times this function will recurse (a more deeply nested scrollable element that's doing something like a smooth-scroll animation will mean more levels of recursion), and the chances of accessing an invalid iterator increase with more levels. I'm less sure about what a page would have to do to actually exploit the invalidation.