Closed
Bug 1408157
Opened 7 years ago
Closed 7 years ago
Crash in xul.dll@0x2fa56f8 | mozilla::dom::CoalescedMouseMoveFlusher::WillRefresh
Categories
(Core :: DOM: Events, defect, P1)
RESOLVED
FIXED
| | Tracking | Status |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox56 | --- | unaffected |
| firefox57 | --- | disabled |
| firefox58 | --- | fixed |
People
(Reporter: marcia, Assigned: stone)
References
Details
(4 keywords, Whiteboard: [post-critsmash-triage])
Crash Data
This bug was filed from the Socorro interface and is report bp-67166a47-2b8e-46ad-8d65-811520171012.
=============================================================
Seen while looking at crash stats. Several crashes: http://bit.ly/2g57KiD, Windows and Linux are affected.
Comment 1•7 years ago
The line crashed at was added in 1361067. Stone, please take a look. Also, this won't affect 57 as bug 1361067 is disabled in 57, right?
Assignee
Comment 2•7 years ago
(In reply to Hsin-Yi Tsai [:hsinyi] from comment #1)
> The line crashed at was added in 1361067. Stone, please take a look. Also,
> this won't affect 57 as bug 1361067 is disabled in 57, right?

Yes. This won't affect 57.
Flags: needinfo?(sshih)
Assignee
Updated•7 years ago
Assignee: nobody → sshih
Updated•7 years ago
status-firefox57: --- → disabled
Assignee
Comment 3•7 years ago
The call stacks are similar to bug 1407700. I think we could keep an eye on it after landing the patches of bug 1407700.
Comment 4•7 years ago
Many if not all of the crashes are EXEC crashes to wildptr (looks like reused memory) addresses. Some appear to possibly be strings. This implies that it can easily be made to execute using a pointer (vtbl likely) in reallocated memory, which is very dangerous.
Group: core-security
Keywords: csectype-wildptr, sec-critical
Assignee
Comment 5•7 years ago
No crash happened with a build later than 20171019100107. I think this is caused by the same problem as bug 1407700, so I'm closing it. I didn't associate this with bug 1407700 because it is not marked as a security bug.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Updated•7 years ago
Group: core-security → core-security-release
Updated•7 years ago
status-firefox56: --- → unaffected
status-firefox-esr52: --- → unaffected
Updated•6 years ago
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Updated•6 years ago
Group: core-security-release