Closed Bug 812929 Opened 9 years ago Closed 9 years ago

imgRequestProxy crash with contenteditable, list-style-image

Categories

(Core :: ImageLib, defect)

x86_64
macOS
defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 788959

People

(Reporter: jruderman, Assigned: jdm)

References

(Blocks 2 open bugs)

Details

(Keywords: crash, sec-critical, testcase, Whiteboard: [sg:dupe 788959])

Crash Data

Attachments

(2 files, 1 obsolete file)

Sometimes this appears as imgRequestProxy::BlockOnload calling a random address.
Attached file stack
Nightly: bp-3179ed13-0ee5-4ea3-bd12-a5d102121118
Keywords: sec-critical
With this patch I wasn't able to reproduce the intermittent crash in many minutes of frequent refreshing through multiple tabs.
Attachment #683771 - Flags: review?(bzbarsky)
Assignee: nobody → josh
Comment on attachment 683771 [details] [diff] [review]
Clear the listener associated with cancelled bullet frame image requests.

Wrong bug.
Attachment #683771 - Flags: review?(bzbarsky)
Attachment #683771 - Attachment is obsolete: true
I can't seem to reproduce this with the patch in bug 788959 applied.
Now you're just showing off :)
Whiteboard: [Fix on bug 788959]
Depends on: CVE-2013-0762
Can we mark this fixed now?
Sure
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: CVE-2013-0762
Whiteboard: [Fix on bug 788959] → [sg:dupe 788959]
Group: core-security
You need to log in before you can comment on or make changes to this bug.