Closed
Bug 790164
Opened 11 years ago
Closed 11 years ago
PresShell::DispatchTouchEvent should keep contentPresShell alive while using it
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
FIXED
mozilla18
Tracking | Status | |
---|---|---|
firefox15 | --- | unaffected |
firefox16 | + | fixed |
firefox17 | + | fixed |
firefox18 | + | fixed |
firefox-esr10 | --- | unaffected |
People
(Reporter: smaug, Assigned: wesj)
References
Details
(Keywords: csectype-uaf, regression, sec-critical, Whiteboard: regression from 732052)
Attachments
(1 file, 1 obsolete file)
978 bytes,
patch
|
smaug
:
review+
akeybl
:
approval-mozilla-aurora+
akeybl
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
I mentioned the problem few times in review comments, yet we have now an sg:crit bug ;) https://bugzilla.mozilla.org/show_bug.cgi?id=732052#c44
Updated•11 years ago
|
status-firefox-esr10:
--- → unaffected
status-firefox15:
--- → unaffected
status-firefox16:
--- → affected
status-firefox17:
--- → affected
status-firefox18:
--- → affected
Keywords: sec-critical
Whiteboard: regression from 732052
Assignee | ||
Comment 1•11 years ago
|
||
Assignee: nobody → wjohnston
Attachment #660146 -
Flags: review?(bugs)
Assignee | ||
Comment 2•11 years ago
|
||
Whoops. Sorry about that :(
Attachment #660146 -
Attachment is obsolete: true
Attachment #660146 -
Flags: review?(bugs)
Attachment #660147 -
Flags: review?(bugs)
Updated•11 years ago
|
Reporter | ||
Comment 3•11 years ago
|
||
Comment on attachment 660147 [details] [diff] [review] Patch v2 No need to assign nullptr.
Attachment #660147 -
Flags: review?(bugs) → review+
Assignee | ||
Comment 4•11 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/89e726e160e5
Assignee | ||
Comment 5•11 years ago
|
||
Comment on attachment 660147 [details] [diff] [review] Patch v2 I assume we want to move this forward. [Approval Request Comment] Bug caused by (feature/regressing bug #): bug 732052 User impact if declined: Security risks if the presShell is destroyed by the touch event. Testing completed (on m-c, etc.): landed on mc today (9/11/12) Risk to taking this patch (and alternatives if risky): Low risk. String or UUID changes made by this patch: None.
Attachment #660147 -
Flags: approval-mozilla-beta?
Attachment #660147 -
Flags: approval-mozilla-aurora?
Comment 6•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/89e726e160e5
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: in-testsuite-
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
Comment 7•11 years ago
|
||
sec-critical regression in FF16 - approved for landing on branches.
Updated•11 years ago
|
Attachment #660147 -
Flags: approval-mozilla-beta?
Attachment #660147 -
Flags: approval-mozilla-beta+
Attachment #660147 -
Flags: approval-mozilla-aurora?
Attachment #660147 -
Flags: approval-mozilla-aurora+
Assignee | ||
Comment 8•11 years ago
|
||
https://hg.mozilla.org/releases/mozilla-beta/rev/e5f591a4b733 https://hg.mozilla.org/releases/mozilla-aurora/rev/75cf936e3bdc
Updated•11 years ago
|
Updated•11 years ago
|
Updated•11 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•