Closed Bug 650275 Opened 14 years ago Closed 14 years ago

"ABORT: bad scope for new JSObjects" with setTimeout

Tracking

()

Status:

RESOLVED FIXED

Tracking Flags:

Tracking

Status

firefox5

wontfix

firefox6

fixed

blocking2.0

---

status2.0

---

wanted

status1.9.2

---

unaffected

blocking-fx

---

status1.9.1

---

unaffected

People

(Reporter: moz_bug_r_a4, Assigned: mrbkap)

References

Details

(Whiteboard: [sg:critical?] fixed-in-tracemonkey)

Attachments

(1 file)

testcase (crashes Firefox when loaded) 14 years ago moz_bug_r_a4 553 bytes, text/html		Details

moz_bug_r_a4

Reporter

Description

•

14 years ago

Attached file testcase (crashes Firefox when loaded) — Details

###!!! ABORT: bad scope for new JSObjects: 'type.IsArithmetic() || cx->compartment == lccx.GetScopeForNewJSObjects()->compartment()', file js/src/xpconnect/src/xpcconvert.cpp, line 253

Boris Zbarsky [:bzbarsky]

Updated

•

14 years ago

blocking2.0: --- → ?

blocking-fx: --- → ?

tracking-firefox5: --- → ?

Daniel Veditz [:dveditz]

Comment 1

•

14 years ago

Doesn't look like a chemspill bug and we're not planning any more 4.0.x releases.

blocking2.0: ? → -

status2.0: --- → wanted

Whiteboard: [sg:critical?]

Sheila Mooney

Comment 2

•

14 years ago

Is this something we should be tracking for FF5? We are skipping these in the Aurora triage meetings and deferring the decision to the crit smash team. Can someone make a call on +/- here?

Johnny Stenback (:jst)

Updated

•

14 years ago

Depends on: 650273

Johnny Stenback (:jst)

Comment 3

•

14 years ago

Tracking this for 5. Blake has a fix in the works.

tracking-firefox5: ? → +

No longer depends on: 650273

Johnny Stenback (:jst)

Updated

•

14 years ago

Assignee: nobody → mrbkap

Depends on: 650273

Sheila Mooney

Comment 4

•

14 years ago

Blake, do you have a status? When do we expect a fix to be ready?

Daniel Veditz [:dveditz]

Updated

•

14 years ago

status1.9.1: --- → unaffected

status1.9.2: --- → unaffected

Blake Kaplan (:mrbkap) (inactive)

Assignee

Comment 5

•

14 years ago

I have a patch that works but breaks a mochitest. I'm not sure how important the test is, though. I'll try to figure it out tomorrow.

Asa Dotzler [:asa]

Comment 6

•

14 years ago

We're now quite late in the game for Firefox 5. Does the fix at bug 650273 remedy this?

Blake Kaplan (:mrbkap) (inactive)

Assignee

Comment 7

•

14 years ago

Yes, it does.

Whiteboard: [sg:critical?] → [sg:critical?] fixed-in-tracemonkey

Daniel Veditz [:dveditz]

Comment 8

•

14 years ago

bug 650273 is fixed on mozilla-central

Status: NEW → RESOLVED

Closed: 14 years ago

Resolution: --- → FIXED

Johnny Stenback (:jst)

Comment 9

•

14 years ago

Per discussion with mrbkap and dveditz we've decided that it's too late to fix this for 5, but it's already fixed for 6.

status-firefox5: --- → wontfix

status-firefox6: --- → fixed

tracking-firefox5: + → -

tracking-firefox6: --- → +

Daniel Veditz [:dveditz]

Updated

•

13 years ago

Group: core-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

"ABORT: bad scope for new JSObjects" with setTimeout

Categories

(Core :: Security, defect)

Tracking

()

People

(Reporter: moz_bug_r_a4, Assigned: mrbkap)

References

Details

(Whiteboard: [sg:critical?] fixed-in-tracemonkey)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Comment 2

Updated

Comment 3

Updated

Comment 4

Updated

Comment 5

Comment 6

Comment 7

Comment 8

Comment 9

Updated

Attachment

General

Description

File Name

Content Type