Closed
Bug 785710
Opened 12 years ago
Closed 12 years ago
rendering SVG cause EXCEPTION_ACCESS_VIOLATION_READ with addon NoScript
Categories
(Core :: SVG, defect)
Tracking
()
RESOLVED
FIXED
mozilla19
Tracking | Status | |
---|---|---|
firefox17 | --- | fixed |
firefox18 | --- | fixed |
firefox-esr10 | --- | unaffected |
firefox-esr17 | --- | fixed |
People
(Reporter: julien.decharne, Unassigned)
References
()
Details
(Keywords: crash, csectype-framepoisoning, Whiteboard: [adv-main17-][adv-esr17-])
Crash Data
STEP TO REPRODUCE : Disable / Uninstall NoScript or start with fresh profile load http://www.w3c.org/Graphics/SVG/ Enable or Install NoScript Restart for completing installation load http://www.w3c.org/Graphics/SVG/ (no segfault : page load from cache) Clean FF cache Restart load http://www.w3c.org/Graphics/SVG/ (FF will segfault) other URLs that do trigger bug : none for the moment URLs that don't trigger bug : http://www.w3c.org/ http://www.w3c.org/Graphics/ http://www.w3c.org/Graphics/WebCGM http://www.w3c.org/Graphics/PNG/ (many others, of course) Confirmed on Windows Seven, see crash report : https://crash-stats.mozilla.com/report/index/bp-ec363a2e-b834-4b85-bbc3-fd0452120826
Comment 1•12 years ago
|
||
It might be a dupe of bug 762494.
Severity: normal → critical
Status: UNCONFIRMED → NEW
Crash Signature: [@ nsLineBox::IndexOf(nsIFrame*)]
Ever confirmed: true
Keywords: crash
OS: Linux → Windows 7
Hardware: x86_64 → x86
Target Milestone: mozilla14 → ---
Version: 14 Branch → 16 Branch
Hiding because bug 762494 and bug 789719 are core-security.
Group: core-security
Depends on: 789719
Comment 3•12 years ago
|
||
Can someone retest this please? The fix in bug 807213 has now landed for 19, 18 and 17 and may well have fixed this.
Updated•12 years ago
|
Keywords: csec-framepoisoning
Comment 4•12 years ago
|
||
Based on the stack trace in the crash report in comment 0 bug 786740 will have fixed this. This is basically a duplicate of bug 792857.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
Updated•12 years ago
|
status-firefox-esr10:
--- → unaffected
status-firefox-esr17:
--- → fixed
Updated•11 years ago
|
Whiteboard: [adv-main17-][adv-esr17-]
Updated•11 years ago
|
Group: core-security
Flags: sec-bounty-
You need to log in
before you can comment on or make changes to this bug.
Description
•