The default bug view has changed. See this FAQ.

Firefox crashes if removing parent node while in XBL constructor

VERIFIED FIXED

Status

()

Core
XBL
VERIFIED FIXED
10 years ago
10 years ago

People

(Reporter: Vlad Sukhoy, Unassigned)

Tracking

({crash, testcase, verified1.8.1.8})

1.8 Branch
x86
Mac OS X
crash, testcase, verified1.8.1.8
Points:
---
Bug Flags:
blocking1.8.1.8 +
wanted1.8.1.x +
wanted1.8.0.x +
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:critical?] fixed in 1.9 by 267833)

Attachments

(1 attachment)

884 bytes, application/xhtml+xml
Details
(Reporter)

Description

10 years ago
 
(Reporter)

Comment 1

10 years ago
Created attachment 271960 [details]
testcase
(Reporter)

Updated

10 years ago
Keywords: crash, testcase
This is branch-only, right?  This seems to work fine on trunk.

And if so, this is basically bug 267833, no?
(Reporter)

Comment 3

10 years ago
Branch-only. If there is no security risk, then WONTFIX..
Sure there's risk.  That's why we want to land bug 267833 on branch.  ;)
Group: security
Depends on: 267833
Flags: wanted1.8.1.x+
Flags: wanted1.8.0.x+
Flags: blocking1.8.1.6?
in 1.8.1.5pre I crash at nsCachedStyleData::GetStyleData() Line 210, 'this' is a deleted object.
Whiteboard: [sg:critical?] fixed in 1.9 by 267833
Flags: blocking1.8.1.7? → blocking1.8.1.7+
the branch checkin for bug 267833 has fixed this one for 1.8.1.8
Keywords: fixed1.8.1.8
verified fixed 1.8.1.8 using Mozilla/5.0 (Macintosh; U; Intel Mac OS X; ja-JP-mac; rv:1.8.1.8) Gecko/2007100816 Firefox/2.0.0.8 - no crash on testcase - adding verified keyword
Keywords: fixed1.8.1.8 → verified1.8.1.8
Group: security

Comment 8

10 years ago
Can someone change the status then to VERIFIED? This is in the list of bugs fixed for MFSA 2007-29 but stands out cos of it's 'NEW' status.
(Reporter)

Updated

10 years ago
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
(Reporter)

Updated

10 years ago
Status: RESOLVED → VERIFIED
Flags: in-testsuite?
You need to log in before you can comment on or make changes to this bug.