Use After free bug in Firefox 13.0.1

RESOLVED DUPLICATE of bug 740707

Status

()

Core
DOM: Core & HTML
RESOLVED DUPLICATE of bug 740707
6 years ago
6 years ago

People

(Reporter: XYSEC, Unassigned)

Tracking

Trunk
x86
Mac OS X
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

149.75 KB, application/java-archive
Details
(Reporter)

Description

6 years ago
Created attachment 635490 [details]
crash.zip

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5

Steps to reproduce:

Fuzzed using modified Cross Fuzzer attached with this bug report. 


Actual results:

The browser crashes due to not being able to free memory after closing the tab.

The crash report is available at https://crash-stats.mozilla.com/report/index/92a5a4ca-df3f-47d3-889e-971b02120619 


Expected results:

It should have worked perfectly without any crashes.
Attachment #635490 - Attachment mime type: application/octet-stream → application/java-archive
This looks like a dupe of bug 740707.  Please file a new bug if you can reproduce in 14.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Component: Untriaged → DOM: Core & HTML
Product: Firefox → Core
QA Contact: untriaged → general
Resolution: --- → DUPLICATE
Duplicate of bug: 740707
You need to log in before you can comment on or make changes to this bug.