Closed Bug 1252206 Opened 8 years ago Closed 8 years ago

Crash with possible use-after-free [@ nsPresContext::MediaFeatureValuesChanged ]

Categories

(Core :: CSS Parsing and Computation, defect)

Product:
Core
Component:
CSS Parsing and Computation
Version:
45 Branch
Platform:
x86
Windows
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: MatsPalmgren_bugz, Unassigned)

References

Details

Crash Data

+++ This bug was initially created as a clone of Bug #1240763 +++

bp-76eef7c5-65f1-4477-8720-1f6282160218 is on 45.0b6 so it has the fix from bug 1233259.  It appears there is another bug causing crashes with this signature.
I'm not really seeing this anymore. 4 crashes in the last 4 weeks with this signature, but not showing a UAF address (near nulls). 

https://crash-stats.mozilla.com/report/list?product=Firefox&range_unit=days&range_value=28&signature=nsPresContext%3A%3AMediaFeatureValuesChanged#tab-reports

If there's a remaining bug here I can't justify a sec-high rating for it based on that.
Keywords: csectype-uaf, sec-high
I'm not seeing this crash on any newer version, I think it's been stomped.
Group: layout-core-security
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.