Closed Bug 767174 Opened 12 years ago Closed 12 years ago

Use After free bug in Firefox 13.0.1

Categories

(Core :: DOM: Core & HTML, defect)

x86
macOS
defect
Not set
normal

RESOLVED DUPLICATE of bug 740707

People

(Reporter: security, Unassigned)

Details

Attachments

(1 file)

149.75 KB, application/java-archive
Attached file crash.zip
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5

Steps to reproduce:

Fuzzed using modified Cross Fuzzer attached with this bug report. 


Actual results:

The browser crashes due to not being able to free memory after closing the tab.

The crash report is available at https://crash-stats.mozilla.com/report/index/92a5a4ca-df3f-47d3-889e-971b02120619 


Expected results:

It should have worked perfectly without any crashes.
Attachment #635490 - Attachment mime type: application/octet-stream → application/java-archive
This looks like a dupe of bug 740707.  Please file a new bug if you can reproduce in 14.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Component: Untriaged → DOM: Core & HTML
Product: Firefox → Core
QA Contact: untriaged → general
Resolution: --- → DUPLICATE