Closed
Bug 692608
Opened 13 years ago
Closed 13 years ago
"ASSERTION: Flush during accessible tree update!" adding iframe
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
RESOLVED
FIXED
mozilla10
Tracking | Status | |
---|---|---|
firefox8 | - | unaffected |
firefox9 | - | unaffected |
firefox10 | + | fixed |
status1.9.2 | --- | unaffected |
People
(Reporter: jruderman, Assigned: surkov)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: [sg:critical?][qa+])
Attachments
(3 files)
1. Start a debug build of Firefox. 2. Enable accessibility, e.g. by pasting the following into the js console: Components.classes["@mozilla.org/accessibilityService;1"] .getService(Components.interfaces.nsIAccessibleRetrieval); 3. Load the testcase. Result: Firefox hits the assertion added in bug 634197. ###!!! ASSERTION: Flush during accessible tree update!: '!accService->IsProcessingRefreshDriverNotification()', file layout/base/nsPresShell.cpp, line 3914 Security-sensitive for now because bug 634197 was inspired by security bugs.
Reporter | ||
Comment 1•13 years ago
|
||
Assignee | ||
Comment 2•13 years ago
|
||
Assignee | ||
Updated•13 years ago
|
Attachment #565496 -
Flags: review? → review?(trev.saunders)
Updated•13 years ago
|
Attachment #565496 -
Flags: review?(trev.saunders) → review+
Updated•13 years ago
|
status-firefox10:
--- → affected
status-firefox8:
--- → affected
status-firefox9:
--- → affected
tracking-firefox10:
--- → +
tracking-firefox8:
--- → +
tracking-firefox9:
--- → +
Assignee | ||
Comment 4•13 years ago
|
||
inbound land - https://hg.mozilla.org/integration/mozilla-inbound/rev/d2a037d0354d
Assignee | ||
Comment 5•13 years ago
|
||
landed https://hg.mozilla.org/mozilla-central/rev/d2a037d0354d
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla10
Comment 6•13 years ago
|
||
Alexander, can we take this for aurora and beta? If so, please request approval for the patch!
Comment 7•13 years ago
|
||
Alexander, ping? We're running out of time for 8...
Assignee | ||
Comment 8•13 years ago
|
||
(In reply to Johnny Stenback (:jst, jst@mozilla.com) from comment #7) > Alexander, ping? We're running out of time for 8... sorry, I missed request. This bug is consequence of the bug 634197 which is landed on Mozilla 10 only so no flushing during accessible tree update. I don't think there's a real security problem here.
Comment 9•13 years ago
|
||
Ok, thanks! I'm marking this as unaffected for 8 and 9 then, meaning there's no security worry with those releases relating to this bug.
Updated•12 years ago
|
status1.9.2:
--- → unaffected
Keywords: regression
Updated•12 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•