Is this script zooming in/out while it is also changing styles (or something else)? I filed 2 bugs, bug 398853 and bug 403763 doing similar stuff. I think I filed some more, but those became worksforme. After that, I kinda gave up filing new ones, since nobody was working on those kind of bugs anyway.
roc, what do you think here? This sounds scary enough that it should block...
It does sound scary but I don't think we should block on it, especially given that user-initiated zooming doesn't trigger the bug.
-'ing, but if user-initiated zooming can trigger the bug then it needs to be a +..
Marking sg:high for now as its a critical bug mitigate by the fact there is no straightforward remote exploit vector.
The patch in bug 475128 will likely fix this by changing the underlying problem from a crash into a correctness bug. I haven't tested, though, and it looks really complicated.
Can someone do the investigation David referred to? This bug has been added to our Top Security Bugs list and could use some attention. If bug 475128 fixed this bug then we can knock one off the list.
Since Paul can no longer reproduce, marking as fixed (believed to be fixed by bug 475128).