In bug 1028588 we removed dangerous public destructors of XPCOM-refcounted classes outside of a finite whitelist, see HasDangerousPublicDestructor. Now we are going over the entries in this whitelist. One of them is: nsNSSCertificate

try: https://tbpl.mozilla.org/?tree=Try&rev=daa327c18c40

Comment on attachment 8464348 [details] [diff] [review] Remove dangerous public destructor of nsNSSCertificate. Review of attachment 8464348 [details] [diff] [review]: ----------------------------------------------------------------- ::: security/manager/ssl/src/nsClientAuthRemember.cpp @@ +113,5 @@ > > { > ReentrantMonitorAutoEnter lock(monitor); > if (aClientCert) { > + RefPtr<nsNSSCertificate> pipCert = new nsNSSCertificate(aClientCert); Same question as with the other bug (i.e. maybe use this instead: 'RefPtr<nsNSSCertificate> pipCert(new nsNSSCertificate(aClientCert));') ::: security/manager/ssl/src/nsNSSCertificateDB.cpp @@ +1239,5 @@ > for (node = CERT_LIST_HEAD(certList); > !CERT_LIST_END(node, certList); > node = CERT_LIST_NEXT(node)) { > if (getCertType(node->cert) == type) { > + RefPtr<nsNSSCertificate> pipCert = new nsNSSCertificate(node->cert); same

I don't know either, so I just changed it. https://hg.mozilla.org/integration/mozilla-inbound/rev/7dc88a0988df