Closed Bug 1197803 Opened 7 years ago Closed 6 years ago

Firefox 40.0.2 - Flash from contexmenu crash the browser


(Core :: Plug-ins, defect)

40 Branch
Not set





(Reporter: j.devos, Unassigned)




(2 files)

User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)

Steps to reproduce:

I have flash(flex) application compiled with sdk 3.6a.
Since Firefox 40, the browser crash when I call JS function from context menu.
The JS function is never called, I use to call the JS function.

Actual results:

The Browser freeze and not responding.

Expected results:

With previous version of Firefox, my application work properly and JS functions was properly called.
Severity: normal → blocker
Is it possible to provide a testcase (public URL to the Flash app)? It'll help to test and debug.

If not, could you on your side:
1) type about:crashes in the location bar and copy some crash IDs (bp-...).
2) set about:config > dom.ipc.plugins.asyncInit =false (restart FF to apply) and test your Flash app.
Severity: blocker → normal
Component: Untriaged → Plug-ins
Flags: needinfo?(j.devos)
Product: Firefox → Core
It's not possible because the application data is confidential.

Since the update to Firefox 40, I had 2 problems with my flash application :

1) When I loaded my data from xml, the flash player crashed, I solved this solution by setting the value to false for the parameter dom.ipc.plugins.asyncInit

2) The second problem is calling a js function from the context menu of my flash app => Firefox not responding and I must kill the process.

Here a crash report :
Flags: needinfo?(j.devos)
The 1st issue (about loading the Flash app) is known, it's 1196000.

About the 2nd issue, it would be nice to have a minimal testcase to debug. Do you have a testing server to host a small testcase (like displaying an image with your js function embedded)?
Jerry, I tried the following code and it worked fine. Can you provide code similar to this that reproduces the issue?

var cm:ContextMenu = new ContextMenu();
var cmi:ContextMenuItem = new ContextMenuItem('ExternalInterface test');
cmi.addEventListener(ContextMenuEvent.MENU_ITEM_SELECT, function(event:Event):void {
    trace('2+2 =',"function(){ return 2+2; }"));
cm.customItems = [cmi];
this.contextMenu = cm;
Thank you, tomorrow I'll try to make you a small application to reproduce the problem and give you the URL to test
Keywords: testcase-wanted
Summary: Firefox 40 - Flash from contexmenu crash the browser → Firefox 40.0.2 - Flash from contexmenu crash the browser
I found the solution, the problem occurs with the 40.0.2 release and not the 40.
When I call in my html page my flash application with the tag <object, Firefox crashes.
If I call my flash application in javascript with AC_FL_RunContent (AC_OETags.js), Firefox responding successfully.

In attachment you will find a small application to reproduce the problem.
I used the sample code of Andy except I call a js function in my page: ("testCallJs");

In bin-debug directory, you have 2 pages: test_crashed.html and test_success.html

Thanks for your help.
Attached file
When I run your sample code with the Flash debug player I see this:

SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller file:///<redacted>/Firefox40_JS_Call/bin-debug/Firefox40_JS_Call.swf cannot access file:///<redacted>/Firefox40_JS_Call/bin-debug/test_crashed.html.
	at flash.external::ExternalInterface$/_initJS()
	at flash.external::ExternalInterface$/call()
	at Function/<anonymous>()[D:\ADOBE\FLEX\_EXEMPLES\Firefox40_JS_Call\src\Firefox40_JS_Call.mxml:16]

Are you sure that it is really Firefox 40 that is the problem, or could it be a Flash security update that was installed around the same time? A quick Google search is suggesting to me that some recent updates have tightened up some security restrictions.
Flags: needinfo?(j.devos)
Aaron, there is no security sandbox error when you put the files behind a web server like Tomcat.

Jerry, my Firefox crashes when calling JS alert() immediately from a Flash context menu item, and I'm not surprised, since alert() should not be used in production code anyway. Do you have an example that doesn't use alert()?

I tried the following:

Crashes:"function(){ alert('testCallJs'); }");

Succeeds:"function(){ setTimeout(function(){ alert('testCallJs'); }, 0); }");
Is CrashReporter catching any of your crashes? Can you go to about:crashes and paste a URL here?
Flags: needinfo?(andy.dufilie)
No, it just freezes and I have to kill the process.
Flags: needinfo?(andy.dufilie)
Actually, false alarm. The crash does not occur for me with the latest Flash Player.
I have the latest version of Flash Player ( installed on Firefox and the browser always crash with test_crashed.html
Flags: needinfo?(j.devos)
Ok, I can reproduce the crash using Jerry's code. I've uploaded it here:

Firefox 40.0.3 hangs and does not create a crash report.  I have to kill the process.
It's weird, with the previous link, the bug is reproducible in FF40.
But I found a regression in FF42, not 40...
Aaron Klotz — Bug 1185639 - Allow deferred message processing to happen between consecutive IPC message dispatches. r=jimm

But this bug has not been backported into FF40, so maybe another bugfix triggers the bug in FF40.
With the testcase in comment 14, I can reproduce the hang in Firefox 41, but not with a recent beta of Firefox 42 or a current nightly build.

Jerry, can you try a Firefox 42 beta and see if that works as expected with your application?
Flags: needinfo?(j.devos)
Keywords: testcase-wanted
Hello Ryan, with Firefox 42 beta (42.0b8), it works perfectly.
Flags: needinfo?(j.devos)
WFM with Beta.
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.