User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.4b) Gecko/20030507 Build Identifier: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.4b) Gecko/20030507 If you mouseover a href which has onMouseOver=document.write(), mozilla will crash every time. This is sufficient to crash mozilla, if you mouseover it: <a href="#" onMouseOver="document.write('hello');">Mouseover to crash</a> I tested whis with 1.4b (2003050714) on WinME and today's trunk build on WinXP. Reproducible: Always Steps to Reproduce: 1. Load testcase Actual Results: Crash in gklayout.dll Expected Results: No crash
I would add a Talkback ID, but Talkback seems to be down.
Talkback ID TB19955920M
|this| is null at nsIFrame::GetFrameState
Summary: Mouseover link with onMouseOver="document.write()" crashes mozilla → Mouseover link with onMouseOver="document.write()" crashes mozilla [@ nsIFrame::GetFrameState]
TB19957293M Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4b) Gecko/20030509 Talkback is working again, showing details about what is sent.
Dup based on stack. *** This bug has been marked as a duplicate of 204781 ***
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
Verified: now attachment 122882 [details] [diff] [review] is checked in, this is fixed.
Status: RESOLVED → VERIFIED
Crash Signature: [@ nsIFrame::GetFrameState]
You need to log in before you can comment on or make changes to this bug.