Closed Bug 426295 Opened 17 years ago Closed 16 years ago

Crash [@nsCachedStyleData::GetStyleMargin] when zooming page with script

Categories

(Core :: DOM: CSS Object Model, defect)

x86
Windows XP
defect
Not set
critical

Tracking

RESOLVED FIXED

People

(Reporter: pvnick, Unassigned)

Details

(Whiteboard: [sg:high])

Flags: wanted1.9.0.x?
Flags: blocking1.9?
Is this script zooming in/out while it is also changing styles (or something else)? I filed 2 bugs, bug 398853 and bug 403763 doing similar stuff. I think I filed some more, but those became worksforme. After that, I kinda gave up filing new ones, since nobody was working on those kinds of bugs anyway.
roc, what do you think here? This sounds scary enough that it should block...
It does sound scary but I don't think we should block on it, especially given that user-initiated zooming doesn't trigger the bug.
-'ing, but if user-initiated zooming can trigger the bug then it needs to be a +.
Flags: wanted1.9.0.x?
Flags: wanted1.9.0.x+
Flags: blocking1.9?
Flags: blocking1.9-
Component: DOM: Views and Formatting → DOM: CSS Object Model
Marking sg:high for now as it's a critical bug mitigated by the fact there is no straightforward remote exploit vector.
Whiteboard: [sg:high]
The patch in bug 475128 will likely fix this by changing the underlying problem from a crash into a correctness bug. I haven't tested, though, and it looks really complicated.
Can someone do the investigation David referred to? This bug has been added to our Top Security Bugs list and could use some attention. If bug 475128 fixed this bug then we can knock one off the list.
Since Paul can no longer reproduce, marking as fixed (believed to be fixed by bug 475128).
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Group: core-security