Closed Bug 387844 Opened 18 years ago Closed 17 years ago

Firefox crashes if removing parent node while in XBL constructor

Categories

(Core :: XBL, defect)

Product:
Core
Component:
XBL
Version:
1.8 Branch
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: vladimir.sukhoy, Unassigned)

References

Details

(Keywords: crash, testcase, verified1.8.1.8, Whiteboard: [sg:critical?] fixed in 1.9 by 267833)

Attachments

(1 file)

testcase
884 bytes, application/xhtml+xml
Details
Attached file testcase
Keywords: crash, testcase
This is branch-only, right? This seems to work fine on trunk. And if so, this is basically bug 267833, no?
Branch-only. If there is no security risk, then WONTFIX..
Sure there's risk. That's why we want to land bug 267833 on branch. ;)
Group: security
Depends on: 267833
Flags: wanted1.8.1.x+
Flags: wanted1.8.0.x+
Flags: blocking1.8.1.6?
in 1.8.1.5pre I crash at nsCachedStyleData::GetStyleData() Line 210, 'this' is a deleted object.
Whiteboard: [sg:critical?] fixed in 1.9 by 267833
Flags: blocking1.8.1.7? → blocking1.8.1.7+
the branch checkin for bug 267833 has fixed this one for 1.8.1.8
Keywords: fixed1.8.1.8
verified fixed 1.8.1.8 using Mozilla/5.0 (Macintosh; U; Intel Mac OS X; ja-JP-mac; rv:1.8.1.8) Gecko/2007100816 Firefox/2.0.0.8 - no crash on testcase - adding verified keyword
Keywords: fixed1.8.1.8verified1.8.1.8
Group: security
Can someone change the status then to VERIFIED? This is in the list of bugs fixed for MFSA 2007-29 but stands out cos of it's 'NEW' status.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
Flags: in-testsuite?
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: