Closed Bug 692608 Opened 11 years ago Closed 11 years ago

"ASSERTION: Flush during accessible tree update!" adding iframe

Categories

(Core :: Disability Access APIs, defect)

x86_64
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla10
Tracking Status
firefox8 - unaffected
firefox9 - unaffected
firefox10 + fixed
status1.9.2 --- unaffected

People

(Reporter: jruderman, Assigned: surkov)

References

Details

(Keywords: assertion, regression, testcase, Whiteboard: [sg:critical?][qa+])

Attachments

(3 files)

Attached file testcase
1. Start a debug build of Firefox.

2. Enable accessibility, e.g. by pasting the following into the js console:

Components.classes["@mozilla.org/accessibilityService;1"]
      .getService(Components.interfaces.nsIAccessibleRetrieval);

3. Load the testcase.

Result: Firefox hits the assertion added in bug 634197.

###!!! ASSERTION: Flush during accessible tree update!: '!accService->IsProcessingRefreshDriverNotification()', file layout/base/nsPresShell.cpp, line 3914

Security-sensitive for now because bug 634197 was inspired by security bugs.
Attached file stack trace
Attached patch patchSplinter Review
Assignee: nobody → surkov.alexander
Status: NEW → ASSIGNED
Attachment #565496 - Flags: review?
Attachment #565496 - Flags: review? → review?(trev.saunders)
Attachment #565496 - Flags: review?(trev.saunders) → review+
Guessing sg:critical since bug 629912 was
Whiteboard: [sg:critical?]
landed https://hg.mozilla.org/mozilla-central/rev/d2a037d0354d
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla10
Alexander, can we take this for aurora and beta? If so, please request approval for the patch!
Alexander, ping? We're running out of time for 8...
(In reply to Johnny Stenback (:jst, jst@mozilla.com) from comment #7)
> Alexander, ping? We're running out of time for 8...

sorry, I missed request. This bug is consequence of the bug 634197 which is landed on Mozilla 10 only so no flushing during accessible tree update. I don't think there's a real security problem here.
Ok, thanks! I'm marking this as unaffected for 8 and 9 then, meaning there's no security worry with those releases relating to this bug.
Whiteboard: [sg:critical?] → [sg:critical?][qa+]
Group: core-security
You need to log in before you can comment on or make changes to this bug.