This bug was filed from the Socorro interface and is report bp-4a81ca5d-02ef-4d6c-80e1-7eefd0170518. ============================================================= Seen while looking at nightly crash stats - crashes started on Mac using 20170516122050: Possible regression range based on Build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=3e166b6838931b3933ca274331f9e0e115af5cc0&tochange=6e3ca5b38f7173b214b10de49e58cb01890bf39d Bug 429824 is in the range. ni on spohl.
(In reply to [:philipp] from comment #1) > the crashing address of most of these reports indicates it's a UAF situation.
Assignee: nobody → spohl.mozilla.bugs
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
:spohl, why did you close this bug ?
Umm... I only meant to assign this bug to me. Looking into it now.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attachment #8869144 - Flags: review?(mstange) → review+
Comment on attachment 8869144 [details] [diff] [review] Patch [Security approval request comment] How easily could an exploit be constructed based on the patch? Unknown Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem? Yes Which older supported branches are affected by this flaw? None. This only affects nightly since this past Tuesday. If not all supported branches, which bug introduced the flaw? bug 429824 Do you have backports for the affected branches? If not, how different, hard to create, and risky will they be? n/a How likely is this patch to cause regressions; how much testing does it need? No risk of regressions. There is no good way to test the fix.
Comment on attachment 8869144 [details] [diff] [review] Patch This doesn't need sec approval since it only affects trunk. Land away!
https://hg.mozilla.org/integration/mozilla-inbound/rev/9f160f5995bbd3c62fe44d45681dcdd3b04c04ee Bug 1365825: Fix occasional crashes on OSX when handling custom shortcuts. r=mstange
(In reply to Ryan VanderMeulen [:RyanVM] from comment #8) > Comment on attachment 8869144 [details] [diff] [review] > Patch > > This doesn't need sec approval since it only affects trunk. Land away! Between closing the wrong bug as duplicate (bug 1365880, which was already marked as core-security, instead of this one), accidentally closing this bug here as fixed when I meant to only assign it to myself, and seeing "sec-approval required on patches before landing" and following that advice when it wasn't necessary, I clearly still need to get used to the new bugzilla... Thanks for bearing with me.
Crash Signature: [@ objc_msgSend | -[GeckoNSMenu performSuperKeyEquivalent:]] → [@ objc_msgSend | -[GeckoNSMenu performSuperKeyEquivalent:]] [@ objc_msgSend | -[NSMenu performKeyEquivalent:] ]
You need to log in before you can comment on or make changes to this bug.