Closed
Bug 1365825
Opened 7 years ago
Closed 7 years ago
Crash in objc_msgSend | -[GeckoNSMenu performSuperKeyEquivalent:]
Categories
(Core :: Widget: Cocoa, defect)
Tracking
()
RESOLVED
FIXED
mozilla55
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox53 | --- | unaffected |
firefox54 | --- | unaffected |
firefox55 | + | fixed |
People
(Reporter: marcia, Assigned: spohl)
References
Details
(4 keywords)
Crash Data
Attachments
(1 file)
1.31 KB,
patch
|
mstange
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-4a81ca5d-02ef-4d6c-80e1-7eefd0170518. ============================================================= Seen while looking at nightly crash stats - crashes started on Mac using 20170516122050: Possible regression range based on Build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=3e166b6838931b3933ca274331f9e0e115af5cc0&tochange=6e3ca5b38f7173b214b10de49e58cb01890bf39d Bug 429824 is in the range. ni on spohl.
Flags: needinfo?(spohl.mozilla.bugs)
Updated•7 years ago
|
status-firefox53:
--- → unaffected
status-firefox-esr52:
--- → unaffected
tracking-firefox55:
--- → ?
Comment 2•7 years ago
|
||
(In reply to [:philipp] from comment #1) > the crashing address of most of these reports indicates it's a UAF situation.
Group: core-security
Assignee | ||
Updated•7 years ago
|
Assignee: nobody → spohl.mozilla.bugs
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(spohl.mozilla.bugs)
Resolution: --- → FIXED
Comment 3•7 years ago
|
||
:spohl, why did you close this bug ?
Assignee | ||
Comment 4•7 years ago
|
||
Umm... I only meant to assign this bug to me. Looking into it now.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Updated•7 years ago
|
Keywords: csectype-uaf,
sec-high
Assignee | ||
Comment 6•7 years ago
|
||
Attachment #8869144 -
Flags: review?(mstange)
Updated•7 years ago
|
Attachment #8869144 -
Flags: review?(mstange) → review+
Assignee | ||
Comment 7•7 years ago
|
||
Comment on attachment 8869144 [details] [diff] [review] Patch [Security approval request comment] How easily could an exploit be constructed based on the patch? Unknown Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem? Yes Which older supported branches are affected by this flaw? None. This only affects nightly since this past Tuesday. If not all supported branches, which bug introduced the flaw? bug 429824 Do you have backports for the affected branches? If not, how different, hard to create, and risky will they be? n/a How likely is this patch to cause regressions; how much testing does it need? No risk of regressions. There is no good way to test the fix.
Attachment #8869144 -
Flags: sec-approval?
Comment 8•7 years ago
|
||
Comment on attachment 8869144 [details] [diff] [review] Patch This doesn't need sec approval since it only affects trunk. Land away!
Attachment #8869144 -
Flags: sec-approval?
Assignee | ||
Comment 9•7 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/9f160f5995bbd3c62fe44d45681dcdd3b04c04ee Bug 1365825: Fix occasional crashes on OSX when handling custom shortcuts. r=mstange
Assignee | ||
Comment 10•7 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM] from comment #8) > Comment on attachment 8869144 [details] [diff] [review] > Patch > > This doesn't need sec approval since it only affects trunk. Land away! Between closing the wrong bug as duplicate (bug 1365880, which was already marked as core-security, instead of this one), accidentally closing this bug here as fixed when I meant to only assign it to myself, and seeing "sec-approval required on patches before landing" and following that advice when it wasn't necessary, I clearly still need to get used to the new bugzilla... Thanks for bearing with me.
Updated•7 years ago
|
Crash Signature: [@ objc_msgSend | -[GeckoNSMenu performSuperKeyEquivalent:]] → [@ objc_msgSend | -[GeckoNSMenu performSuperKeyEquivalent:]]
[@ objc_msgSend | -[NSMenu performKeyEquivalent:] ]
Updated•7 years ago
|
Group: core-security → layout-core-security
Comment 11•7 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/9f160f5995bb
Status: REOPENED → RESOLVED
Closed: 7 years ago → 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
Updated•7 years ago
|
Group: layout-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•