Created attachment 589751 [details] [diff] [review] Loop with temporary. Affected up to beta. Despite the use-after free, since this is in a tight loop it will be fairly difficult to exploit.
https://hg.mozilla.org/integration/mozilla-inbound/rev/02e6d576cbd3 Waiting for approval on aurora/beta.
Comment on attachment 589751 [details] [diff] [review] Loop with temporary. [Approval Request Comment] Regression caused by (bug #): 684039 User impact if declined: Potential vulnerability. Testing completed (on m-c, etc.): On m-c. Risk to taking this patch (and alternatives if risky): None.
Comment on attachment 589751 [details] [diff] [review] Loop with temporary. [Triage Comment] The recommendation of the security team and engineering is to take this given its near-zero risk evaluation and potential exploitability. Please land ASAP.
Is there anything QA can do to verify this fix?