Comment on attachment 8634026 [details] [diff] [review] patch [Security approval request comment] This is similar to https://bugzilla.mozilla.org/show_bug.cgi?id=1183901#c3

sec-approval+. We should take this on affected branches as well.

Comment on attachment 8634026 [details] [diff] [review] patch [Approval Request Comment] https://bugzilla.mozilla.org/show_bug.cgi?id=1183901#c3 The patch seems to apply cleanly to esr38 too.

I have the same question here as in https://bugzilla.mozilla.org/show_bug.cgi?id=1183901#c8. If the browser is not affected in the default configuration, do we need to uplift the fix?

abillings - Can we let this fix ride the trains like bug 1183901?

Yes, it can ride the trains too.

Comment on attachment 8634026 [details] [diff] [review] patch As per comment 8, we're going to let this ride the trains.

Comment on attachment 8634026 [details] [diff] [review] patch NOTE: Please see https://wiki.mozilla.org/Release_Management/B2G_Landing to better understand the B2G approval process and landings. [Approval Request Comment] Bug caused by (feature/regressing bug #): bug 854736 User impact if declined: crashes in certified apps that use WebComponents Testing completed: just tree herder Risk to taking this patch (and alternatives if risky): low, this is pretty standard stuff String or UUID changes made by this patch: none (This is similar to bug 1183901.)

Comment on attachment 8634026 [details] [diff] [review] patch This is sec-high, so it has auto-approval for uplift to affected active B2G branches.

https://hg.mozilla.org/releases/mozilla-b2g37_v2_2/rev/1d69c96a0517 https://hg.mozilla.org/releases/mozilla-b2g37_v2_2r/rev/1d69c96a0517 https://hg.mozilla.org/releases/mozilla-b2g34_v2_1s/rev/be0a244d16c7

Olli, would this benefit from a test?

bug 1183604 made us assert hard on debug builds if this kind of mistake happens in the future.

Was this disabled in 41, like bug 1183901?

yeah, this is web components stuff too, so, not enabled by default.