This bug was filed from the Socorro interface and is report bp-fcc1786c-69e6-4a16-a156-3aa030171103. ============================================================= Top 10 frames of crashing thread: 0 xul.dll js::InterpreterFrame::prologue js/src/vm/Stack.cpp:244 1 xul.dll Interpret js/src/vm/Interpreter.cpp:1910 2 xul.dll js::RunScript js/src/vm/Interpreter.cpp:435 3 xul.dll js::ExecuteKernel js/src/vm/Interpreter.cpp:724 4 xul.dll ExecuteInExtensibleLexicalEnvironment js/src/builtin/Eval.cpp:465 5 xul.dll js::ExecuteInJSMEnvironment js/src/builtin/Eval.cpp:551 6 xul.dll js::ExecuteInJSMEnvironment js/src/builtin/Eval.cpp:509 7 xul.dll mozJSComponentLoader::ObjectForLocation js/xpconnect/loader/mozJSComponentLoader.cpp:852 8 xul.dll mozJSComponentLoader::LoadModule js/xpconnect/loader/mozJSComponentLoader.cpp:385 9 xul.dll nsComponentManagerImpl::KnownModule::Load xpcom/components/nsComponentManager.cpp:754 ============================================================= UAF going back to at least 52esr/53, and probably further. The numbers of e5 crashes seem to have bumped up in 57b10/b11 for some reason. Crashes appear to occur at two different locations in the function.

Likely a duplicate of bug 1409179.

Switching ni? to Jan who's investigating the other bug.

Ted, another XDR bug for your collection.

Thanks Jan! Almost certainly is. The crash graph for nightly went flat after I landed mitigations last week.

Crash doesn't appear in 58.0b9 and earlier crashes are consistent with problems Bug 1418894 addresses.

This is rated sec-high, but it looks like ESR52 rarely hits these crashes in practice. Should we push on backporting the XDR hardening patches there anyway or let them ride 58?

Moving this conversation to Bug 1423616.