Closed
Bug 831090
Opened 11 years ago
Closed 11 years ago
crash @Worker::SetEventListener with Worker and __proto__
Categories
(Core :: JavaScript Engine, defect)
People
(Reporter: nils, Assigned: Waldo)
Details
(Keywords: crash, sec-critical, testcase, Whiteboard: [asan])
Attachments
(1 file)
463 bytes,
text/html
Firefox nightly crashes when loading the attached testcase. Crashes on accessing unmapped memory. Stack backtrace on Windows:

xul!`anonymous namespace'::Worker::SetEventListener+0x1e:
620656a5 8b34853c825e62 mov esi,dword ptr xul!Worker::sEventStrings (625e823c)[eax*4] ds:002b:6b4be6fc=????????
0:000:x86> cdb: Reading initial command 'kp 16;q'
ChildEBP RetAddr
0044be4c 68879ad7 xul!`anonymous namespace'::Worker::SetEventListener(struct JSContext * aCx = 0x06b1d800, class JS::Handle<JSObject *> aObj = class JS::Handle<JSObject *>, class JS::Handle<int> aIdval = class JS::Handle<int>, int aStrict = 0n0, class JS::MutableHandle<JS::Value> aVp = class JS::MutableHandle<JS::Value>)+0x1e
0044be70 688a634b mozjs!js::CallSetter+0x160697
0044bf44 687c2789 mozjs!js::baseops::SetPropertyHelper+0x1097eb
0044bf8c 687c2808 mozjs!js::DirectProxyHandler::set(struct JSContext * cx = 0x06b1d800, struct JSObject * proxy = 0x04452130, struct JSObject * receiverArg = 0x0446a180, int id_ = 0n74887776, bool strict = false, class JS::Value * vp = 0x0044bff0)+0x79
0044bfb8 687312b2 mozjs!js::DirectWrapper::set(struct JSContext * cx = 0x06b1d800, struct JSObject * wrapper = 0x04452130, struct JSObject * receiver = 0x0446a180, int id = 0n74887681, bool strict = false, class JS::Value * vp = 0x0044bff0)+0x48
0044c000 6872041e mozjs!js::CrossCompartmentWrapper::set(struct JSContext * cx = 0x06b1d800, struct JSObject * wrapper_ = 0x04452130, struct JSObject * receiver_ = 0x04452130, int id_ = 0n74887776, bool strict = false, class JS::Value * vp = 0x0044c0e0)+0xc2
0044c070 68720454 mozjs!js::Proxy::set(struct JSContext * cx = 0x06b1d800, class JS::Handle<JSObject *> proxy_ = class JS::Handle<JSObject *>, class JS::Handle<JSObject *> receiver = class JS::Handle<JSObject *>, class JS::Handle<int> id = class JS::Handle<int>, bool strict = false, class JS::MutableHandle<JS::Value> vp = class JS::MutableHandle<JS::Value>)+0x6e
0044c08c 68786ae1 mozjs!proxy_SetGeneric(struct JSContext * cx = 0x06b1d800, class JS::Handle<JSObject *> obj = class JS::Handle<JSObject *>, class JS::Handle<int> id = class JS::Handle<int>, class JS::MutableHandle<JS::Value> vp = class JS::MutableHandle<JS::Value>, int strict = 0n0)+0x24
0044c0ec 68792080 mozjs!js::SetPropertyOperation(struct JSContext * cx = 0x06b1d800, unsigned char * pc = 0x023b5930 "--- memory read error at address 0x023b5930 ---", class JS::Handle<JS::Value> lval = class JS::Handle<JS::Value>, class JS::Handle<JS::Value> rval = class JS::Handle<JS::Value>)+0x241
0044cc10 6878b4ae mozjs!js::Interpret(struct JSContext * cx = 0x0044be80, class js::StackFrame * entryFrame = 0x03990020, js::InterpMode interpMode = JSINTERP_NORMAL (0n0))+0x1eb0
0044cc84 68782222 mozjs!js::RunScript(struct JSContext * cx = 0x06b1d800, class JS::Handle<JSScript *> script = class JS::Handle<JSScript *>, class js::StackFrame * fp = 0x03990020)+0x8e
0044ccdc 6872dd2d mozjs!js::ExecuteKernel(struct JSContext * cx = 0x06b1d800, class JS::Handle<JSScript *> script = class JS::Handle<JSScript *>, struct JSObject * scopeChain = 0x0444d040, class JS::Value * thisv = 0x0044cd08, js::ExecuteType type = EXECUTE_GLOBAL (0n1), class js::StackFrame * evalInFrame = 0x00000000, class JS::Value * result = 0x00000000)+0x122
0044cd10 68727d73 mozjs!js::Execute(struct JSContext * cx = 0x06b1d800, class JS::Handle<JSScript *> script = class JS::Handle<JSScript *>, struct JSObject * scopeChainArg = 0x023b5930, class JS::Value * rval = 0x00000000)+0x9d
0044cd6c 6196e3b2 mozjs!JS::Evaluate(struct JSContext * cx = 0x06b1d800, class JS::Handle<JSObject *> obj = class JS::Handle<JSObject *>, struct JS::CompileOptions options = struct JS::CompileOptions, wchar_t * chars = 0x06825a60 "start();", unsigned int length = 8, class JS::Value * rval = 0x00000000)+0xa3
0044ce30 61a98ae7 xul!nsJSContext::EvaluateString(class nsAString_internal * aScript = 0x0044ce84, struct JSObject * aScopeObject = 0x0444d040, class nsIPrincipal * aPrincipal = 0x07584fa0, class nsIPrincipal * aOriginPrincipal = 0x07584fa0, char * aURL = 0x07aebbf8 "file:///C:/Users/Password/Desktop/TestCaseStable/repro/ff.html", unsigned int aLineNo = 0x78, JSVersion aVersion = JSVERSION_DEFAULT (0n0), class nsAString_internal * aRetValue = 0x00000000, bool * aIsUndefined = 0x0044ce6b)+0x282
0044ce8c 61a98770 xul!nsGlobalWindow::RunTimeoutHandler(struct nsTimeout * aTimeout = 0x023b5930, class nsIScriptContext * aScx = 0x06b2dd30)+0x1c7
0044cf20 61a9d535 xul!nsGlobalWindow::RunTimeout(struct nsTimeout * aTimeout = 0x07aebbf8)+0x210
0044cf38 61a725fe xul!nsGlobalWindow::TimerCallback(class nsITimer * aTimer = 0x068240d0, void * aClosure = 0x07aebc40)+0x1b
0044cf78 61a72820 xul!nsTimerImpl::Fire(void)+0x12e
0044cf80 619e1dbf xul!nsTimerEvent::Run(void)+0x20
0044cff0 61b8c86f xul!nsThread::ProcessNextEvent(bool mayWait = false, bool * result = 0x0044d02c)+0x2cf
0044d024 61b9ca2b xul!mozilla::ipc::MessagePump::Run(class base::MessagePump::Delegate * aDelegate = 0x00e42001)+0x5f
quit:
Attachment #702586 - Attachment mime type: text/plain → text/html
Updated•11 years ago
Flags: sec-bounty?
Updated•11 years ago
QA Contact: mwobensmith
Comment 1•11 years ago
Matt said he'd get us an ASAN log for this.
Assertion failure: JSID_IS_INT(aIdval), at c:/dev/mozilla-inbound/dom/workers/Worker.cpp:184
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 3•11 years ago
ASan log from build from 2013-01-16 (Mac):

============================
==8286== ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00010521e648 sp 0x7fff5fbf0ba0 bp 0x7fff5fbf0e30 T0)
AddressSanitizer can not provide additional info.
#0 0x10521e647 in (anonymous namespace)::Worker::SetEventListener(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, int, JS::MutableHandle<JS::Value>) (in XUL) + 951
#1 0x107d5c43e in js::CallJSPropertyOpSetter(JSContext*, int (*)(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, int, JS::MutableHandle<JS::Value>), JS::Handle<JSObject*>, JS::Handle<jsid>, int, JS::MutableHandle<JS::Value>) (in XUL) + 446
#2 0x107d580a6 in js::CallSetter(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, int (*)(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, int, JS::MutableHandle<JS::Value>), unsigned int, unsigned int, int, JS::MutableHandle<JS::Value>) (in XUL) + 726
#3 0x107ccf884 in js::baseops::SetPropertyHelper(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<jsid>, unsigned int, JS::MutableHandle<JS::Value>, int) (in XUL) + 1460
#4 0x107b04e14 in JSObject::setGeneric(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>, int) (in XUL) + 292
#5 0x107d38b4e in js::DirectProxyHandler::set(JSContext*, JSObject*, JSObject*, jsid, bool, JS::Value*) (in XUL) + 814
#6 0x107eac764 in js::Wrapper::set(JSContext*, JSObject*, JSObject*, jsid, bool, JS::Value*) (in XUL) + 244
#7 0x107eaf35d in js::CrossCompartmentWrapper::set(JSContext*, JSObject*, JSObject*, jsid, bool, JS::Value*) (in XUL) + 829
#8 0x107d4d979 in js::Proxy::set(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<jsid>, bool, JS::MutableHandle<JS::Value>) (in XUL) + 1449
#9 0x107d5132e in proxy_SetGeneric(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>, int) (in XUL) + 30
#10 0x107cbefda in JSObject::nonNativeSetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>, int) (in XUL) + 266
#11 0x107b04dfb in JSObject::setGeneric(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>, int) (in XUL) + 267
#12 0x107c803c3 in js::SetPropertyOperation(JSContext*, unsigned char*, JS::Handle<JS::Value>, JS::Handle<JS::Value>) (in XUL) + 4659
#13 0x107c5f393 in js::Interpret(JSContext*, js::StackFrame*, js::InterpMode) (in XUL) + 35699
#14 0x1080b1a9c in js::mjit::EnterMethodJIT(JSContext*, js::StackFrame*, void*, JS::Value*, bool) (in XUL) + 860
#15 0x1080b202b in CheckStackAndEnterMethodJIT(JSContext*, js::StackFrame*, void*, bool) (in XUL) + 299
#16 0x1080b1e56 in js::mjit::JaegerShot(JSContext*, bool) (in XUL) + 454
#17 0x107c56592 in js::RunScript(JSContext*, JS::Handle<JSScript*>, js::StackFrame*) (in XUL) + 946
#18 0x107c6ce2e in js::InvokeKernel(JSContext*, JS::CallArgs, js::MaybeConstruct) (in XUL) + 1102
#19 0x107e1a071 in js::Invoke(JSContext*, js::InvokeArgsGuard&, js::MaybeConstruct) (in XUL) + 65
#20 0x107c6d950 in js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::Value*) (in XUL) + 720
#21 0x107af4cfa in JS_CallFunctionValue(JSContext*, JSObject*, JS::Value, unsigned int, JS::Value*, JS::Value*) (in XUL) + 650
#22 0x10677d982 in mozilla::dom::EventHandlerNonNull::Call(JSContext*, JSObject*, nsIDOMEvent*, mozilla::ErrorResult&) (in XUL) + 450
#23 0x105196ae6 in JS::Value mozilla::dom::EventHandlerNonNull::Call<nsISupports*>(nsISupports* const&, nsIDOMEvent*, mozilla::ErrorResult&) (in XUL) + 262
#24 0x105195045 in nsJSEventListener::HandleEvent(nsIDOMEvent*) (in XUL) + 789
#25 0x104b721f7 in nsEventListenerManager::HandleEventSubType(nsListenerStruct*, nsIDOMEventListener*, nsIDOMEvent*, nsIDOMEventTarget*, nsCxPusher*) (in XUL) + 359
#26 0x104b72614 in nsEventListenerManager::HandleEventInternal(nsPresContext*, nsEvent*, nsIDOMEvent**, nsIDOMEventTarget*, nsEventStatus*, nsCxPusher*) (in XUL) + 932
#27 0x104bbe61b in nsEventTargetChainItem::HandleEvent(nsEventChainPostVisitor&, bool, nsCxPusher*) (in XUL) + 523
#28 0x104bbb81e in nsEventTargetChainItem::HandleEventTargetChain(nsEventChainPostVisitor&, nsDispatchingCallback*, bool, nsCxPusher*) (in XUL) + 942
#29 0x104bbcefa in nsEventDispatcher::Dispatch(nsISupports*, nsPresContext*, nsEvent*, nsIDOMEvent*, nsEventStatus*, nsDispatchingCallback*, nsCOMArray<nsIDOMEventTarget>*) (in XUL) + 3930
#30 0x104333a66 in nsDocumentViewer::LoadComplete(tag_nsresult) (in XUL) + 1222
#31 0x105ba0a7c in nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, tag_nsresult) (in XUL) + 1212
#32 0x105b9ec5d in nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, tag_nsresult) (in XUL) + 3373
#33 0x105b9f0bf in non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, tag_nsresult) (in XUL) + 15
#34 0x105bee115 in nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, tag_nsresult) (in XUL) + 1045
#35 0x105bed7fb in nsDocLoader::doStopDocumentLoad(nsIRequest*, tag_nsresult) (in XUL) + 427
#36 0x105bebbc4 in nsDocLoader::DocLoaderIsEmpty(bool) (in XUL) + 1540
#37 0x105bed02d in nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, tag_nsresult) (in XUL) + 1901
#38 0x105bed5dc in non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, tag_nsresult) (in XUL) + 12
#39 0x103c62770 in nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, tag_nsresult) (in XUL) + 1952
#40 0x104964247 in nsDocument::DoUnblockOnload() (in XUL) + 567
#41 0x104950dc6 in nsDocument::DispatchContentLoadedEvents() (in XUL) + 1814
#42 0x104986ef9 in nsRunnableMethodImpl<void (nsDocument::*)(), true>::Run() (in XUL) + 137
#43 0x106a6fefb in nsThread::ProcessNextEvent(bool, bool*) (in XUL) + 2139
#44 0x1069b679e in NS_ProcessPendingEvents_P(nsIThread*, unsigned int) (in XUL) + 254
#45 0x1061b8c13 in nsBaseAppShell::NativeEventCallback() (in XUL) + 451
#46 0x10613886a in nsAppShell::ProcessGeckoEvents(void*) (in XUL) + 490
#47 0x7fff88bed100 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (in CoreFoundation) + 16
#48 0x7fff88beca24 in __CFRunLoopDoSources0 (in CoreFoundation) + 244
#49 0x7fff88c0fdc4 in __CFRunLoopRun (in CoreFoundation) + 788
#50 0x7fff88c0f6b1 in CFRunLoopRunSpecific (in CoreFoundation) + 289
#51 0x7fff8594b0a3 in RunCurrentEventLoopInMode (in HIToolbox) + 208
#52 0x7fff8594ad83 in ReceiveNextEventCommon (in HIToolbox) + 165
#53 0x7fff8594acd2 in BlockUntilNextEventMatchingListInMode (in HIToolbox) + 61
#54 0x7fff8b122612 in _DPSNextEvent (in AppKit) + 684
#55 0x7fff8b121ed1 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] (in AppKit) + 127
#56 0x1061370b5 in -[GeckoNSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] (in XUL) + 245
#57 0x7fff8b119282 in -[NSApplication run] (in AppKit) + 516
#58 0x106139449 in nsAppShell::Run() (in XUL) + 185
#59 0x105d0dce7 in nsAppStartup::Run() (in XUL) + 311
#60 0x103bc649f in XREMain::XRE_mainRun() (in XUL) + 4287
#61 0x103bc7457 in XREMain::XRE_main(int, char**, nsXREAppData const*) (in XUL) + 599
#62 0x103bc7912 in XRE_main (in XUL) + 146
#63 0x1000031e8 in 0x2000031e8
#64 0x10000252f in 0x20000252f
#65 0x100001a93 in 0x200001a93
#66 0x0 in 0x0000000100000000 (in firefox-bin)
Stats: 986M malloced (701M for red zones) by 1392583 calls
Stats: 127M realloced by 55974 calls
Stats: 900M freed by 1123789 calls
Stats: 853M really freed by 1053942 calls
Stats: 458M (117257 full pages) mmaped in 744 calls
mmaps by size class: 7:311220; 8:114632; 9:29667; 10:13797; 11:8925; 12:7040; 13:2048; 14:864; 15:816; 16:1072; 17:468; 18:46; 19:38; 20:24; 21:11; 22:5; 23:3; 24:1;
mallocs by size class: 7:854033; 8:288459; 9:89546; 10:60949; 11:51397; 12:21431; 13:10941; 14:5070; 15:4792; 16:3174; 17:2388; 18:161; 19:119; 20:69; 21:29; 22:13; 23:7; 24:5;
frees by size class: 7:687861; 8:218664; 9:71293; 10:53900; 11:48276; 12:19040; 13:10214; 14:4567; 15:4586; 16:2685; 17:2354; 18:135; 19:101; 20:63; 21:27; 22:12; 23:6; 24:5;
rfrees by size class: 7:642449; 8:206305; 9:67677; 10:50896; 11:44943; 12:17944; 13:9771; 14:4437; 15:4353; 16:2545; 17:2281; 18:134; 19:97; 20:61; 21:27; 22:12; 23:6; 24:4;
Stats: malloc large: 10857 small slow: 20227
==8286== ABORTING
I'm going to tentatively move this over to SpiderMonkey... Basically the Worker code uses tinyIds as args to this function and SM is somehow losing track of the fact that it needs to do so. In my debug build I see this in jscntxtinlines.h:

465 inline bool
466 CallSetter(JSContext *cx, HandleObject obj, HandleId id, StrictPropertyOp op, unsigned attrs,
467            unsigned shortid, JSBool strict, MutableHandleValue vp)
468 {
469     if (attrs & JSPROP_SETTER)
470         return InvokeGetterOrSetter(cx, obj, CastAsObjectJsval(op), 1, vp.address(), vp.address());
471
472     if (attrs & JSPROP_GETTER)
473         return js_ReportGetterOnlyAssignment(cx);
474
475     if (!(attrs & JSPROP_SHORTID))
476         return CallJSPropertyOpSetter(cx, op, obj, id, strict, vp);
477
478     RootedId nid(cx, INT_TO_JSID(shortid));
479
480     return CallJSPropertyOpSetter(cx, op, obj, nid, strict, vp);
481 }

We're crashing when we call CallJSPropertyOpSetter on 476, apparently because the attrs no longer includes the SHORTID flag. I can fix all the uses of tinyIds that I have to check for this problem rather than assert but it seems like this should be fixed in the engine to me.
Assignee: nobody → general
Component: DOM: Workers → JavaScript Engine
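The failure mode described in the comment above, where the setter receives the property's real id instead of its tiny id once the SHORTID attribute is gone, as an added, simplified model that is not Mozilla code. `PropId`, `callSetter`, `setEventListenerChecked`, `indexWithoutCheck`, `inTable` and the two-entry table are hypothetical stand-ins; the block shows the "check rather than assert" option in the handler.

```cpp
// Added illustration: a simplified model, not Mozilla source.
// Every name below is a hypothetical stand-in for the code quoted in the comment.
#include <cstdint>
#include <cstdio>

// A property id is either a small integer ("tiny id") or the bits of a string pointer.
struct PropId {
    bool isInt;
    intptr_t bits;
};

constexpr unsigned PROP_SHORTID = 0x1;  // models JSPROP_SHORTID

enum EventSlot { SLOT_ONERROR = 0, SLOT_ONMESSAGE, SLOT_COUNT };
static const char* const kEventStrings[SLOT_COUNT] = { "error", "message" };

using Setter = const char* (*)(PropId);

// Models the dispatch at lines 475-480 of the quoted CallSetter: the setter
// only receives the tiny id while the SHORTID attribute is still present.
const char* callSetter(Setter op, PropId id, unsigned attrs, int shortid) {
    if (!(attrs & PROP_SHORTID))
        return op(id);                  // real id passed through unchanged
    return op(PropId{true, shortid});   // tiny id substituted
}

// Index an assert-only setter would use in a release build, where the
// JSID_IS_INT-style assertion is compiled out. Returned, never dereferenced.
intptr_t indexWithoutCheck(PropId id) { return id.bits; }

bool inTable(intptr_t i) { return i >= 0 && i < SLOT_COUNT; }

// "Check rather than assert": reject ids that are not in-range integers.
const char* setEventListenerChecked(PropId id) {
    if (!id.isInt || !inTable(id.bits))
        return nullptr;
    return kEventStrings[id.bits];
}

// Constructed sample id: the address of a string standing in for an atom.
PropId sampleStringId() {
    static const char name[] = "onmessage";
    return PropId{false, reinterpret_cast<intptr_t>(name)};
}

int main() {
    PropId id = sampleStringId();
    const char* ok = callSetter(setEventListenerChecked, id, PROP_SHORTID, SLOT_ONMESSAGE);
    const char* lost = callSetter(setEventListenerChecked, id, 0, SLOT_ONMESSAGE);
    std::printf("flag present: %s\n", ok ? ok : "(rejected)");
    std::printf("flag lost:    %s\n", lost ? lost : "(rejected)");
    std::printf("unchecked index inside table: %s\n",
                inTable(indexWithoutCheck(id)) ? "yes" : "no");
    return 0;
}
```

With the flag lost, the checked handler rejects the id, while the unchecked index is the string's address and falls far outside the two-entry table.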
Updated•11 years ago
Comment 5•11 years ago
> I can fix all the uses of tinyIds that I have to check for this problem
> rather than assert but it seems like this should be fixed in the engine to
> me.
any progress on either one of these options?
Updated•11 years ago
Flags: sec-bounty?
Updated•11 years ago
Keywords: sec-high → sec-critical
Comment 7•11 years ago
Naveed, this bug is dead in the water. Can you take this and get it assigned to someone to fix?
Assignee: general → nihsanullah
Whiteboard: [asan]
Updated•11 years ago
Flags: needinfo?(nihsanullah)
Updated•11 years ago
status-b2g18: --- → ?
status-firefox21: --- → wontfix
status-firefox22: --- → affected
status-firefox23: --- → affected
status-firefox24: --- → affected
status-firefox-esr17: --- → ?
Updated•11 years ago
Assignee
Comment 8•11 years ago
Yoink.
Assignee: nihsanullah → jwalden+bmo
Flags: needinfo?(nihsanullah)
Assignee
Comment 9•11 years ago
I can't reproduce this with the attached testcase. My suspicion is that new Worker(null), since this bug was filed, has been kneecapped, and that something else needs to be done here to make this testcase work/crash again. I can probably puzzle something out with some guessing -- or fall back to building and testing an older build, although then I'll hit potential issues when I write a fix and need to verify it against trunk -- but someone more knowledgeable about what might have changed in how we process that first argument to the Worker constructor might be able to do it quicker.
Comment 10•11 years ago
No more crash for me either - using today's m-c ASan build as well as recent FF23 ASan build also.
Comment 11•11 years ago
Nils - do you have another test case by any chance that might help us surface this? Or verify that this issue is actually fixed?
status-firefox25: --- → affected
Assignee
Comment 12•11 years ago
bent, any thoughts on a Worker-side change that might have triggered comment 9? I think I lack the time to do the archaeology myself to find the cause, if indeed that guess is at all correct.
Flags: needinfo?(bent.mozilla)
I haven't seen anything change in this code wrt tinyIds.
Flags: needinfo?(bent.mozilla)
Assignee
Comment 14•11 years ago
Not wrt tinyids -- wrt |new Worker(null)| and that possibly spinning up a worker in the past, where it doesn't now (because of URL syntax-checking or similar?).
Flags: needinfo?(bent.mozilla)
Ah! Maybe bug 587251 is what you're looking for (and hey, look who filed it!).
Flags: needinfo?(bent.mozilla)
Comment 16•11 years ago
Any updates on this?
Reporter
Comment 17•11 years ago
I haven't seen any of these crashes with my fuzzer in a while now ...
Comment 18•11 years ago
Jesse, can you auto-bisect using the testcase here to see when this got fixed/obscured?
Flags: needinfo?(jruderman)
Updated•11 years ago
tracking-firefox25: --- → -
Updated•11 years ago
Depends on: CVE-2013-5602
Comment 19•11 years ago
Seems this was fixed/obscured on May 5: http://hg.mozilla.org/mozilla-central/rev/adaaf6641785 Bug 855971 - Switch HTMLDocument to WebIDL bindings. r=bz. Tested using debug builds on Mac and watching for the assertion. (This doesn't seem to match Waldo's theory.)
Flags: needinfo?(jruderman)
Comment 20•11 years ago
Note that bug 897678 has what looks like a testcase that reproduces this exact issue on trunk.
Comment 21•11 years ago
Any updates, Jeff?
Assignee
Comment 22•11 years ago
I'm fairly sure bug 897678 will fix this.
Flags: needinfo?(jwalden+bmo)
Updated•11 years ago
Comment 23•11 years ago
Assuming wontfix for 23 and 24. Waldo can you verify bug 897678 fixes this one? (Or pass to someone who can)
Flags: needinfo?(jwalden+bmo)
Assignee
Comment 24•11 years ago
The similarity between the testcase here, and the testcase there, is enough I'm pretty confident calling this a dup. (Technically no one can reproduce this, because this testcase broke with other changes we've made semi-recently. If you wanted absolute, 100% proof you'd probably want to take a patch from here, apply it against a super-old build where this testcase failed, and check for bustage. But I don't think it's worth the trouble, given the similarity of that testcase to this one.)
Flags: needinfo?(jwalden+bmo)
Updated•11 years ago
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Updated•11 years ago
tracking-firefox26: + → ---
Updated•9 years ago
Group: core-security → core-security-release
Updated•8 years ago
Group: core-security-release