Closed Bug 650275 Opened 9 years ago Closed 9 years ago

"ABORT: bad scope for new JSObjects" with setTimeout

Categories

(Core :: Security, defect)

x86
Windows XP
defect
Not set

Tracking

()

RESOLVED FIXED
Tracking Status
firefox5 - wontfix
firefox6 + fixed
blocking2.0 --- -
status2.0 --- wanted
status1.9.2 --- unaffected
blocking-fx --- ?
status1.9.1 --- unaffected

People

(Reporter: moz_bug_r_a4, Assigned: mrbkap)

References

Details

(Whiteboard: [sg:critical?] fixed-in-tracemonkey)

Attachments

(1 file)

###!!! ABORT: bad scope for new JSObjects: 'type.IsArithmetic() || cx->compartment == lccx.GetScopeForNewJSObjects()->compartment()', file js/src/xpconnect/src/xpcconvert.cpp, line 253
blocking2.0: --- → ?
blocking-fx: --- → ?
Doesn't look like a chemspill bug and we're not planning any more 4.0.x releases.
blocking2.0: ? → -
status2.0: --- → wanted
Whiteboard: [sg:critical?]
Is this something we should be tracking for FF5? We are skipping these in the Aurora triage meetings and deferring the decision to the crit smash team. Can someone make a call on +/- here?
Depends on: 650273
Tracking this for 5. Blake has a fix in the works.
No longer depends on: 650273
Assignee: nobody → mrbkap
Depends on: 650273
Blake, do you have a status? When do we expect a fix to be ready?
I have a patch that works but breaks a mochitest. I'm not sure how important the test is, though. I'll try to figure it out tomorrow.
We're now quite late in the game for Firefox 5. Does the fix at bug 650273 remedy this?
Yes, it does.
Whiteboard: [sg:critical?] → [sg:critical?] fixed-in-tracemonkey
bug 650273 is fixed on mozilla-central
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Per discussion with mrbkap and dveditz we've decided that it's too late to fix this for 5, but it's already fixed for 6.
Group: core-security
You need to log in before you can comment on or make changes to this bug.