Closed Bug 765711 Opened 12 years ago Closed 12 years ago

Heap-use-after-free in nsFrameList::RemoveFirstChild

Categories

(Core :: Layout: Block and Inline, defect)

Product:
Core
Component:
Layout: Block and Inline
Platform:
x86_64
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 765409
Tracking Flags:
Tracking Status
firefox14 --- affected
firefox15 --- affected
firefox16 --- affected
firefox-esr10 --- unaffected

People

(Reporter: inferno, Unassigned)

References

Details

(Keywords: sec-critical, Whiteboard: [sg:dupe 765409][asan])

Attachments

(1 file)

Testcase
887 bytes, text/html
Details
Attached file Testcase 
Reproduces on trunk
20120617120215
http://hg.mozilla.org/mozilla-central/rev/b1a0fb2bdbf7

=================================================================
==23774== ERROR: AddressSanitizer heap-use-after-free on address 0x7f90be9f5c80 at pc 0x7f90ec141d53 bp 0x7fffed112710 sp 0x7fffed112708
READ of size 8 at 0x7f90be9f5c80 thread T0
    #0 0x7f90ec141d53 in nsFrameList::RemoveFirstChild() firefox/src/layout/generic/nsFrameList.cpp:144
    #1 0x7f90ec1413eb in nsFrameList::DestroyFrames() firefox/src/layout/generic/nsFrameList.cpp:49
    #2 0x7f90ec141220 in nsFrameList::Destroy() firefox/src/layout/generic/nsFrameList.cpp:34
    #3 0x7f90ebfe27e7 in nsContainerFrame::DestroyFrameList(void*) firefox/src/layout/generic/nsContainerFrame.h:342
    #4 0x7f90eb846518 in mozilla::FramePropertyTable::PropertyValue::DestroyValueFor(nsIFrame*) firefox/src/layout/base/FramePropertyTable.h:147
    #5 0x7f90eb845490 in mozilla::FramePropertyTable::Set(nsIFrame*, mozilla::FramePropertyDescriptor const*, void*) firefox/src/layout/base/FramePropertyTable.cpp:34
    #6 0x7f90ec055524 in nsContainerFrame::SetOverflowFrames(nsPresContext*, nsFrameList const&) firefox/src/layout/generic/nsContainerFrame.cpp:1365
    #7 0x7f90ec2bec56 in nsInlineFrame::PushFrames(nsPresContext*, nsIFrame*, nsIFrame*, nsInlineFrame::InlineReflowState&) firefox/src/layout/generic/nsInlineFrame.cpp:834
    #8 0x7f90ec2bc77c in nsInlineFrame::ReflowInlineFrame(nsPresContext*, nsHTMLReflowState const&, nsInlineFrame::InlineReflowState&, nsIFrame*, unsigned int&) firefox/src/layout/generic/nsInlineFrame.cpp:733
    #9 0x7f90ec2b7f9d in nsInlineFrame::ReflowFrames(nsPresContext*, nsHTMLReflowState const&, nsInlineFrame::InlineReflowState&, nsHTMLReflowMetrics&, unsigned int&) firefox/src/layout/generic/nsInlineFrame.cpp:543
    #10 0x7f90ec2b52aa in nsInlineFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsInlineFrame.cpp:397
    #11 0x7f90ec2eab1f in nsLineLayout::ReflowFrame(nsIFrame*, unsigned int&, nsHTMLReflowMetrics*, bool&) firefox/src/layout/generic/nsLineLayout.cpp:824
    #12 0x7f90ebfa6a7f in nsBlockFrame::ReflowInlineFrame(nsBlockReflowState&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) firefox/src/layout/generic/nsBlockFrame.cpp:3834
    #13 0x7f90ebfa0f87 in nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) firefox/src/layout/generic/nsBlockFrame.cpp:3665
    #14 0x7f90ebf92f57 in nsBlockFrame::ReflowInlineFrames(nsBlockReflowState&, nsLineList_iterator, bool*) firefox/src/layout/generic/nsBlockFrame.cpp:3482
    #15 0x7f90ebf8190c in nsBlockFrame::ReflowLine(nsBlockReflowState&, nsLineList_iterator, bool*) firefox/src/layout/generic/nsBlockFrame.cpp:2570
    #16 0x7f90ebf66d71 in nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) firefox/src/layout/generic/nsBlockFrame.cpp:2020
    #17 0x7f90ebf5a80f in nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsBlockFrame.cpp:1069
    #18 0x7f90ec04a527 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned int, unsigned int&, nsOverflowContinuationTracker*) firefox/src/layout/generic/nsContainerFrame.cpp:906
    #19 0x7f90ec219b57 in nsCanvasFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsCanvasFrame.cpp:429
    #20 0x7f90ec04a527 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned int, unsigned int&, nsOverflowContinuationTracker*) firefox/src/layout/generic/nsContainerFrame.cpp:906
    #21 0x7f90ec1941ae in nsHTMLScrollFrame::ReflowScrolledFrame(ScrollReflowState*, bool, bool, nsHTMLReflowMetrics*, bool) firefox/src/layout/generic/nsGfxScrollFrame.cpp:516
    #22 0x7f90ec199a5a in nsHTMLScrollFrame::ReflowContents(ScrollReflowState*, nsHTMLReflowMetrics const&) firefox/src/layout/generic/nsGfxScrollFrame.cpp:616
    #23 0x7f90ec19dd7f in nsHTMLScrollFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsGfxScrollFrame.cpp:857
    #24 0x7f90ec04a527 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned int, unsigned int&, nsOverflowContinuationTracker*) firefox/src/layout/generic/nsContainerFrame.cpp:906
    #25 0x7f90ec571b81 in ViewportFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsViewportFrame.cpp:200
    #26 0x7f90ebcd3016 in PresShell::DoReflow(nsIFrame*, bool) firefox/src/layout/base/nsPresShell.cpp:7382
    #27 0x7f90ebd00aad in PresShell::ProcessReflowCommands(bool) firefox/src/layout/base/nsPresShell.cpp:7523
    #28 0x7f90ebcff1bd in PresShell::FlushPendingNotifications(mozFlushType) firefox/src/layout/base/nsPresShell.cpp:3852
    #29 0x7f90ebda648b in nsRefreshDriver::Notify(nsITimer*) firefox/src/layout/base/nsRefreshDriver.cpp:396
    #30 0x7f90f69d1096 in nsTimerImpl::Fire() firefox/src/xpcom/threads/nsTimerImpl.cpp:477
    #31 0x7f90f69d2c0c in nsTimerEvent::Run() firefox/src/xpcom/threads/nsTimerImpl.cpp:558
    #32 0x7f90f69952c3 in nsThread::ProcessNextEvent(bool, bool*) firefox/src/xpcom/threads/nsThread.cpp:625
    #33 0x7f90f66248dd in NS_ProcessNextEvent_P(nsIThread*, bool) firefox/src/objdir-ff-asan-sym/xpcom/build/nsThreadUtils.cpp:217
    #34 0x7f90f578aee6 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) firefox/src/ipc/glue/MessagePump.cpp:82
    #35 0x7f90f6c45cda in MessageLoop::RunInternal() firefox/src/ipc/chromium/src/base/message_loop.cc:209
    #36 0x7f90f6c45b23 in MessageLoop::RunHandler() firefox/src/ipc/chromium/src/base/message_loop.cc:202
    #37 0x7f90f6c45a08 in MessageLoop::Run() firefox/src/ipc/chromium/src/base/message_loop.cc:176
    #38 0x7f90f4cb952e in nsBaseAppShell::Run() firefox/src/widget/xpwidgets/nsBaseAppShell.cpp:165
    #39 0x7f90f3901098 in nsAppStartup::Run() firefox/src/toolkit/components/startup/nsAppStartup.cpp:256
    #40 0x7f90ea2d4e17 in XREMain::XRE_mainRun() firefox/src/toolkit/xre/nsAppRunner.cpp:3785
    #41 0x7f90ea2db7d2 in XREMain::XRE_main(int, char**, nsXREAppData const*) firefox/src/toolkit/xre/nsAppRunner.cpp:3862
    #42 0x7f90ea2dec8b in XRE_main firefox/src/toolkit/xre/nsAppRunner.cpp:3938
    #43 0x40a9ef in do_main(int, char**) firefox/src/browser/app/nsBrowserApp.cpp:160
    #44 0x40841d in main firefox/src/browser/app/nsBrowserApp.cpp:330
    #45 0x7f9104df4c4d in ?? ??:0
0x7f90be9f5c80 is located 0 bytes inside of 16-byte region [0x7f90be9f5c80,0x7f90be9f5c90)
freed by thread T0 here:
    #0 0x4a35a2 in free ??:0
    #1 0x7f91033625e3 in moz_free firefox/src/memory/mozalloc/mozalloc.cpp:49
    #2 0x7f90ec1416e0 in nsFrameList::DestroyFrom(nsIFrame*) firefox/src/layout/generic/nsFrameList.cpp:44
    #3 0x7f90ec03d5ec in nsContainerFrame::DestroyOverflowList(nsPresContext*, nsIFrame*) firefox/src/layout/generic/nsContainerFrame.cpp:1259
    #4 0x7f90ec03cd6e in nsContainerFrame::DestroyFrom(nsIFrame*) firefox/src/layout/generic/nsContainerFrame.cpp:223
    #5 0x7f90ec2c04bb in nsInlineFrame::DestroyFrom(nsIFrame*) firefox/src/layout/generic/nsInlineFrame.cpp:910
    #6 0x7f90eb872118 in nsIFrame::Destroy() firefox/src/layout/xul/base/src/../../../generic/nsIFrame.h:567
    #7 0x7f90ec141455 in nsFrameList::DestroyFrames() firefox/src/layout/generic/nsFrameList.cpp:51
    #8 0x7f90ec141220 in nsFrameList::Destroy() firefox/src/layout/generic/nsFrameList.cpp:34
    #9 0x7f90ebfe27e7 in nsContainerFrame::DestroyFrameList(void*) firefox/src/layout/tables/../generic/nsContainerFrame.h:342
    #10 0x7f90eb846518 in mozilla::FramePropertyTable::PropertyValue::DestroyValueFor(nsIFrame*) firefox/src/layout/base/FramePropertyTable.h:147
    #11 0x7f90eb845490 in mozilla::FramePropertyTable::Set(nsIFrame*, mozilla::FramePropertyDescriptor const*, void*) firefox/src/layout/base/FramePropertyTable.cpp:34
    #12 0x7f90ec055524 in nsContainerFrame::SetOverflowFrames(nsPresContext*, nsFrameList const&) firefox/src/layout/generic/nsContainerFrame.cpp:1365
    #13 0x7f90ec2bec56 in nsInlineFrame::PushFrames(nsPresContext*, nsIFrame*, nsIFrame*, nsInlineFrame::InlineReflowState&) firefox/src/layout/generic/nsInlineFrame.cpp:834
    #14 0x7f90ec2bc77c in nsInlineFrame::ReflowInlineFrame(nsPresContext*, nsHTMLReflowState const&, nsInlineFrame::InlineReflowState&, nsIFrame*, unsigned int&) firefox/src/layout/generic/nsInlineFrame.cpp:733
    #15 0x7f90ec2b7f9d in nsInlineFrame::ReflowFrames(nsPresContext*, nsHTMLReflowState const&, nsInlineFrame::InlineReflowState&, nsHTMLReflowMetrics&, unsigned int&) firefox/src/layout/generic/nsInlineFrame.cpp:543
    #16 0x7f90ec2b52aa in nsInlineFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsInlineFrame.cpp:397
    #17 0x7f90ec2eab1f in nsLineLayout::ReflowFrame(nsIFrame*, unsigned int&, nsHTMLReflowMetrics*, bool&) firefox/src/layout/generic/nsLineLayout.cpp:824
    #18 0x7f90ebfa6a7f in nsBlockFrame::ReflowInlineFrame(nsBlockReflowState&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) firefox/src/layout/generic/nsBlockFrame.cpp:3834
    #19 0x7f90ebfa0f87 in nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) firefox/src/layout/generic/nsBlockFrame.cpp:3665
    #20 0x7f90ebf92f57 in nsBlockFrame::ReflowInlineFrames(nsBlockReflowState&, nsLineList_iterator, bool*) firefox/src/layout/generic/nsBlockFrame.cpp:3482
    #21 0x7f90ebf8190c in nsBlockFrame::ReflowLine(nsBlockReflowState&, nsLineList_iterator, bool*) firefox/src/layout/generic/nsBlockFrame.cpp:2570
    #22 0x7f90ebf66d71 in nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) firefox/src/layout/generic/nsBlockFrame.cpp:2020
    #23 0x7f90ebf5a80f in nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsBlockFrame.cpp:1069
    #24 0x7f90ec04a527 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned int, unsigned int&, nsOverflowContinuationTracker*) firefox/src/layout/generic/nsContainerFrame.cpp:906
    #25 0x7f90ec219b57 in nsCanvasFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsCanvasFrame.cpp:429
    #26 0x7f90ec04a527 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned int, unsigned int&, nsOverflowContinuationTracker*) firefox/src/layout/generic/nsContainerFrame.cpp:906
    #27 0x7f90ec1941ae in nsHTMLScrollFrame::ReflowScrolledFrame(ScrollReflowState*, bool, bool, nsHTMLReflowMetrics*, bool) firefox/src/layout/generic/nsGfxScrollFrame.cpp:516
    #28 0x7f90ec199a5a in nsHTMLScrollFrame::ReflowContents(ScrollReflowState*, nsHTMLReflowMetrics const&) firefox/src/layout/generic/nsGfxScrollFrame.cpp:616
    #29 0x7f90ec19dd7f in nsHTMLScrollFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsGfxScrollFrame.cpp:857
previously allocated by thread T0 here:
    #0 0x4a3662 in malloc ??:0
    #1 0x7f9103362737 in moz_xmalloc firefox/src/memory/mozalloc/mozalloc.cpp:54
    #2 0x7f90ec055444 in nsContainerFrame::SetOverflowFrames(nsPresContext*, nsFrameList const&) firefox/src/layout/generic/nsContainerFrame.cpp:1362
    #3 0x7f90ec2bec56 in nsInlineFrame::PushFrames(nsPresContext*, nsIFrame*, nsIFrame*, nsInlineFrame::InlineReflowState&) firefox/src/layout/generic/nsInlineFrame.cpp:834
    #4 0x7f90ec2bc77c in nsInlineFrame::ReflowInlineFrame(nsPresContext*, nsHTMLReflowState const&, nsInlineFrame::InlineReflowState&, nsIFrame*, unsigned int&) firefox/src/layout/generic/nsInlineFrame.cpp:733
    #5 0x7f90ec2b7f9d in nsInlineFrame::ReflowFrames(nsPresContext*, nsHTMLReflowState const&, nsInlineFrame::InlineReflowState&, nsHTMLReflowMetrics&, unsigned int&) firefox/src/layout/generic/nsInlineFrame.cpp:543
    #6 0x7f90ec2b52aa in nsInlineFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsInlineFrame.cpp:397
    #7 0x7f90ec2eab1f in nsLineLayout::ReflowFrame(nsIFrame*, unsigned int&, nsHTMLReflowMetrics*, bool&) firefox/src/layout/generic/nsLineLayout.cpp:824
    #8 0x7f90ec2bb86d in nsInlineFrame::ReflowInlineFrame(nsPresContext*, nsHTMLReflowState const&, nsInlineFrame::InlineReflowState&, nsIFrame*, unsigned int&) firefox/src/layout/generic/nsInlineFrame.cpp:680
    #9 0x7f90ec2b7f9d in nsInlineFrame::ReflowFrames(nsPresContext*, nsHTMLReflowState const&, nsInlineFrame::InlineReflowState&, nsHTMLReflowMetrics&, unsigned int&) firefox/src/layout/generic/nsInlineFrame.cpp:543
    #10 0x7f90ec2b52aa in nsInlineFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsInlineFrame.cpp:397
    #11 0x7f90ec2eab1f in nsLineLayout::ReflowFrame(nsIFrame*, unsigned int&, nsHTMLReflowMetrics*, bool&) firefox/src/layout/generic/nsLineLayout.cpp:824
    #12 0x7f90ebfa6a7f in nsBlockFrame::ReflowInlineFrame(nsBlockReflowState&, nsLineLayout&, nsLineList_iterator, nsIFrame*, LineReflowStatus*) firefox/src/layout/generic/nsBlockFrame.cpp:3834
    #13 0x7f90ebfa0f87 in nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState&, nsLineLayout&, nsLineList_iterator, nsFlowAreaRect&, int&, nsFloatManager::SavedState*, bool*, LineReflowStatus*, bool) firefox/src/layout/generic/nsBlockFrame.cpp:3665
    #14 0x7f90ebf92f57 in nsBlockFrame::ReflowInlineFrames(nsBlockReflowState&, nsLineList_iterator, bool*) firefox/src/layout/generic/nsBlockFrame.cpp:3482
    #15 0x7f90ebf8190c in nsBlockFrame::ReflowLine(nsBlockReflowState&, nsLineList_iterator, bool*) firefox/src/layout/generic/nsBlockFrame.cpp:2570
    #16 0x7f90ebf66d71 in nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) firefox/src/layout/generic/nsBlockFrame.cpp:2020
    #17 0x7f90ebf5a80f in nsBlockFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsBlockFrame.cpp:1069
    #18 0x7f90ec04a527 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned int, unsigned int&, nsOverflowContinuationTracker*) firefox/src/layout/generic/nsContainerFrame.cpp:906
    #19 0x7f90ec219b57 in nsCanvasFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, unsigned int&) firefox/src/layout/generic/nsCanvasFrame.cpp:429
    #20 0x7f90ec04a527 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned int, unsigned int&, nsOverflowContinuationTracker*) firefox/src/layout/generic/nsContainerFrame.cpp:906
    #21 0x7f90ec1941ae in nsHTMLScrollFrame::ReflowScrolledFrame(ScrollReflowState*, bool, bool, nsHTMLReflowMetrics*, bool) firefox/src/layout/generic/nsGfxScrollFrame.cpp:516
    #22 0x7f90ec199a5a in nsHTMLScrollFrame::ReflowContents(ScrollReflowState*, nsHTMLReflowMetrics const&) firefox/src/layout/generic/nsGfxScrollFrame.cpp:616
==23774== ABORTING
Stats: 152M malloced (164M for red zones) by 347732 calls
Stats: 44M realloced by 19490 calls
Stats: 113M freed by 220993 calls
Stats: 0M really freed by 0 calls
Stats: 348M (89138 full pages) mmaped in 87 calls
  mmaps   by size class: 8:278511; 9:49146; 10:20475; 11:18423; 12:3072; 13:2048; 14:1536; 15:384; 16:576; 17:128; 18:160; 19:56; 20:16;
  mallocs by size class: 8:260835; 9:46676; 10:16365; 11:16869; 12:2500; 13:1868; 14:1427; 15:337; 16:521; 17:112; 18:159; 19:49; 20:14;
  frees   by size class: 8:153313; 9:36278; 10:12983; 11:13682; 12:1583; 13:972; 14:1237; 15:282; 16:451; 17:98; 18:57; 19:46; 20:11;
  rfrees  by size class:
Stats: malloc large: 334 small slow: 1833
Shadow byte and word:
  0x1ff217d3eb90: fd
  0x1ff217d3eb90: fd fd fd fd fd fd fd fd
More shadow bytes:
  0x1ff217d3eb70: 00 00 fb fb fb fb fb fb
  0x1ff217d3eb78: fb fb fb fb fb fb fb fb
  0x1ff217d3eb80: fa fa fa fa fa fa fa fa
  0x1ff217d3eb88: fa fa fa fa fa fa fa fa
=>0x1ff217d3eb90: fd fd fd fd fd fd fd fd
  0x1ff217d3eb98: fd fd fd fd fd fd fd fd
  0x1ff217d3eba0: fa fa fa fa fa fa fa fa
  0x1ff217d3eba8: fa fa fa fa fa fa fa fa
  0x1ff217d3ebb0: 00 00 fb fb fb fb fb fb
Component: General → Layout: Block and Inline
Product: Firefox → Core
QA Contact: general → layout.block-and-inline
Hmm, nsFrameList::RemoveFirstChild calls virtual functions on the frames, and the read memory doesn't include the poison value, so if the attacker can get their own address in that region, this could lead to arbitrary code execution...
CCing Simon since this is probably related to bidi.
Calling this sec-critical. Cc'ing the guru and apprentice.
Keywords: sec-critical
In a debug build this asserts and crashes like bug 765409
(In reply to Simon Montagu from comment #4)
> In a debug build this asserts and crashes like bug 765409

Same bug then?
Yes I think so -- the patch there (attachment 633853 [details] [diff] [review]) prevents the crash with this bug's testcase too.
Depends on: 765409
Can i be cced on the functional bug 765409 ?
Status: NEW → RESOLVED
Closed: 12 years ago
status-firefox-esr10: --- → unaffected
status-firefox14: --- → affected
status-firefox15: --- → affected
status-firefox16: --- → affected
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 765409]
Whiteboard: [sg:dupe 765409] → [sg:dupe 765409][asan]
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: