Open Bug 1518610 Opened 6 years ago Updated 2 years ago

Crash in nsGlobalWindowInner::RunTimeoutHandler

Categories

(Core :: DOM: Core & HTML, defect, P3)

66 Branch
Unspecified
Windows 7
defect

Tracking

()

Tracking Status
firefox-esr60 --- affected
firefox64 --- affected
firefox65 --- affected
firefox66 --- affected

People

(Reporter: lizzard, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is
report bp-cb3af426-6001-4bbb-a97d-348000190107.

=============================================================

Not high volume and not new, but some of the signatures look like possible security issues. 



Top 10 frames of crashing thread:

0 xul.dll nsGlobalWindowInner::RunTimeoutHandler dom/base/nsGlobalWindowInner.cpp:6459
1 xul.dll void mozilla::dom::TimeoutExecutor::MaybeExecute dom/base/TimeoutExecutor.cpp:168
2 xul.dll mozilla::dom::TimeoutExecutor::Run dom/base/TimeoutExecutor.cpp:225
3 xul.dll mozilla::ThrottledEventQueue::Inner::Executor::Run xpcom/threads/ThrottledEventQueue.cpp:72
4 xul.dll mozilla::SchedulerGroup::Runnable::Run xpcom/threads/SchedulerGroup.cpp:337
5 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1246
6 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:530
7 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:97
8 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:318
9 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:298

=============================================================

The spike in ESR 60.4.0 crashes seems to be a single person crashing a whole bunch, with a set of consistent crash addresses (I've seen a lot of 0x4e24eaf3 and 0x5075eaf3). That person, in case it's relevant, uses the jaws-esr@mozilla.org extension

Needinfo Jamie in case there's something going on here.

Group: dom-core-security
Flags: needinfo?(jteh)

(In reply to Daniel Veditz [:dveditz] from comment #1)

The spike in ESR 60.4.0 crashes seems to be a single person crashing a whole bunch, with a set of consistent crash addresses (I've seen a lot of 0x4e24eaf3 and 0x5075eaf3). That person, in case it's relevant, uses the jaws-esr@mozilla.org extension

The jaws-esr extension was deployed to all 60 ESR users. The presence of that extension doesn't necessarily mean the user is using JAWS; rather, a globally deployed extension was the only way to detect JAWS and deploy the fix if appropriate. Out of 53 crashes in the last week, only 1 of them has accessibility enabled and that was on Firefox 64 release (not ESR).

Flags: needinfo?(jteh)
Priority: -- → P3
Component: DOM → DOM: Core & HTML
QA Whiteboard: qa-not-actionable

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: critical → S3
You need to log in before you can comment on or make changes to this bug.