Created attachment 526495 [details] testcase (crashes Firefox when loaded) Crash [@ nsScriptElement::MaybeProcessScript] The code that's crashing was added in bug 592366: http://hg.mozilla.org/mozilla-central/annotate/b140e7746652/content/base/src/nsScriptElement.cpp#l172
Needs more null checking.
Created attachment 526706 [details] [diff] [review] Add a null check This code was written with HTML in mind. Yay for XML code paths. :-( That we come to this branch at all is bogus. Will fix properly in bug 563322.
Comment on attachment 526706 [details] [diff] [review] Add a null check This is a stability fix that simply adds a null check. Seems to fit the Aurora criteria, so nominating.