https://crash-stats.mozilla.com/report/index/bp-53ad29ed-bdd9-48e9-b7f2-d9d502130505 Happens on current nightly. Steps to reproduce: 1) Go to google.com 2) Open Web Console 3) Type in window.content 4) Click on [object Window] (which should open a dialog with all attributes) 5) CRASH
This crash stack involves DebuggerObject_unsafeDereference, which was added in bug 837723 (Fx23). That's the most recent code that has changed in the stack, so I'd guess that's at fault. This is debugger-only, so maybe not really s-s in that case. Aside from that, there is lots of Xray-y stuff in the stack. Code from bug 836301 (Fx 22) is the most recently changed that I can see.
Summary: crash in js::CompartmentChecker::fail with window.content → Debugger unsafeDereference is unsafe with xrays
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 867771
You need to log in before you can comment on or make changes to this bug.