This bug was filed from the Socorro interface and is report bp-27e7d6fc-c8d9-4ca1-be95-f1be92120330.
1. Load http://lcamtuf.coredump.cx/cross_fuzz/
2. Run cross_fuzz_msie_randomized_seed.html test
3. Wait about 1-2 minutes
Easily reproducible crash in GetMozBattery(). I've tested two different MacBook Pros and two different user profiles. I was able to reproduce this crash many times on Nightly 2012-03-29 and 2012-03-14.
I can't reproduce that on my Linux laptop. Is that Mac only?
I only have Mac test machines. I reproduced it on Mac OS X 10.6 and 10.7.
Created attachment 611104
Stupid mistake... sorry about that :(
Comment on attachment 611104
I wonder why my fuzzer missed this bug. Is there a reduced testcase?
I haven't done one but maybe we can ask QA to do one?
Seems FF 13.0.2 is affected, please see Bug 767947.
This has been fixed in Firefox 14, see the target milestone.
Yes, I saw, but why not in 13.x?
We could indeed have pushed that to Firefox 13 but it's now too late.
*** Bug 767947 has been marked as a duplicate of this bug. ***
*** Bug 767174 has been marked as a duplicate of this bug. ***
(In reply to David Maciejak from comment #10)
> Yes, I saw, but why not in 13.x?
This is not an exploitable crash and is not a major stability problem since it's a new, little-used feature. There is no practical user benefit to the disruption of an out-of-cycle release.
Verified on Ubuntu 12.04, Mac OS X 10.6 and Mac OS X 10.7 that Firefox 14 beta 10 does not crash when using the STR from the Description.
Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:14.0) Gecko/20100101 Firefox/14.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:14.0) Gecko/20100101 Firefox/14.0
Also, checked in Socorro and there are no crashes on Firefox 14.
*** Bug 771037 has been marked as a duplicate of this bug. ***