Valgrind complains about this: http://lxr.mozilla.org/mozilla/source/dom/src/base/nsJSEnvironment.cpp#1003 JSContext::CallEventHandler is expected to set aBoolResult or return failure. Looking at the code, this will not happen if: 1. it gets to securityManager->CheckFunctionAccess, but that does not succeed 2. stack->Pop(nsnull) does not fail what I did to trigger this was: mozilla about:blank and selected a profile. Valgrind stated that jsBoolResult was used uninitialized here: http://lxr.mozilla.org/mozilla/source/dom/src/events/nsJSEventListener.cpp#192
This is a code level bug, not sure if it is still present, and not sure how important this is. CCing developers.
Looks pretty important to me.. shouldn't we throw a security exception if CheckFunctionAccess() throws one?? At the very least the existing code will lead to unpredictable results in the case when the CheckFunctionAccess() fails....
*** This bug has been marked as a duplicate of 217562 ***