Created attachment 108538: Example - ifr1a.html
I'm not sure there's an exploit here, but it's odd.
I don't claim there is an exploit here. But neither can I confirm there is no exploit. IIRC some of the PNG bugs caused an exploit after an ASSERT, so someone please check this.
I think these are safe, but jst can say for sure. The assertion messages sure could be clearer! "Null ptr!" is useless. /be
Target Milestone: --- → mozilla1.4alpha
jst and I checked this over, and we could find no security risk. In theory, calling open() on a "dead" document should just work - in reality it asserts and exits, but it's a no-op and doesn't enter an insecure state. Clearing security flag, assigning to Harish. Although this is a bug, I don't think it's urgent.
Assignee: mstoltz → harishd
Target Milestone: mozilla1.4alpha → ---
Assignee: harishd → nobody
QA Contact: bsharma → toolkit