Closed
Bug 1252206
Opened 8 years ago
Closed 8 years ago
Crash with possible use-after-free [@ nsPresContext::MediaFeatureValuesChanged ]
Categories
(Core :: CSS Parsing and Computation, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: MatsPalmgren_bugz, Unassigned)
References
Details
Crash Data
+++ This bug was initially created as a clone of Bug #1240763 +++ bp-76eef7c5-65f1-4477-8720-1f6282160218 is on 45.0b6 so it has the fix from bug 1233259. It appears there is another bug causing crashes with this signature.
Comment 1•8 years ago
|
||
I'm not really seeing this anymore. 4 crashes in the last 4 weeks with this signature, but not showing a UAF address (near nulls). https://crash-stats.mozilla.com/report/list?product=Firefox&range_unit=days&range_value=28&signature=nsPresContext%3A%3AMediaFeatureValuesChanged#tab-reports If there's a remaining bug here I can't justify a sec-high rating for it based on that.
Keywords: csectype-uaf,
sec-high
Comment 2•8 years ago
|
||
I'm not seeing this crash on any newer version, I think it's been stomped.
Group: layout-core-security
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•