This is a regression from bug 818716 and bug 820666. Once a PoC code runs, XBL scripts for video controls no longer work even after restarting Firefox. The problem does not happen when nglayout.debug.disable_xul_cache is true. I'm marking this as s-s since the testcase might reveal a part of bug 816071.
Created attachment 692297 [details] testcase 2 Sorry, I was wrong. The code in the old testcase is irrelevant. Steps to reproduce: 1. Run Firefox with a clean profile. 2. Load a page that contains a video element. 3. Restart Firefox. 4. Repeat 2 & 3 a few times.
So this is not a security bug, except that the first testcase might reveal a part of other security bug.
Sorry for the confusion. At first I thought the code in the 1st testcase caused the symptom, and thus I filed this bug with the wrong summary and description, and then I realized that the code is irrelevant (comment #2). Actually this bug is a duplicate of bug 823279 and already fixed, and the issue the code in the 1st testcase involved is discussed in other bugs, so there is no need to keep this bug open. But, I'm concerned that resolving this bug as a duplicate of bug 823279 might reveal that there's a known security issue involved with XBL. Please properly close this bug.
Closing per comment 5.