Steps to reproduce: 1. Load https://dave.sni.velox.ch/. Result: The https error page appears correctly, but this assertion appears on the console: ###!!! ASSERTION: Using observer service off the main thread!: 'Error', file /Users/jruderman/trunk/mozilla/xpcom/ds/nsObserverService.cpp, line 130 I don't know how to get a stack out of gdb with XPCOM_DEBUG_BREAK=trap when the assertion happens off of the main thread, so here's a stack trace from using XPCOM_DEBUG_BREAK=stack and fix-macosx-stack.pl: nsObserverService::AddObserver(nsIObserver*, char const*, int) (/Users/jruderman/trunk/mozilla/xpcom/ds/nsObserverService.cpp:130) nsCertOverrideService::Init() (/Users/jruderman/trunk/mozilla/security/manager/ssl/src/nsCertOverrideService.cpp:158) nsCertOverrideServiceConstructor(nsISupports*, nsID const&, void**) (/Users/jruderman/trunk/mozilla/security/manager/ssl/src/nsNSSModule.cpp:199) nsGenericFactory::CreateInstance(nsISupports*, nsID const&, void**) (nsGenericFactory.cpp:80) nsComponentManagerImpl::CreateInstanceByContractID(char const*, nsISupports*, nsID const&, void**) (/Users/jruderman/trunk/mozilla/xpcom/components/nsComponentManager.cpp:1800) nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) (/Users/jruderman/trunk/mozilla/xpcom/components/nsComponentManager.cpp:2233) CallGetService(char const*, nsID const&, void**) (nsComponentManagerUtils.cpp:94) nsGetServiceByContractID::operator()(nsID const&, void**) const (nsComponentManagerUtils.cpp:278) nsPrintfCString::~nsPrintfCString()+0x00000960 (/Users/jruderman/trunk/mozilla/security/nss/lib/crmf/../../../../dist/include/xpcom/nsCOMPtr.h:1294) nsPrintfCString::~nsPrintfCString()+0x000009B9 (/Users/jruderman/trunk/mozilla/security/nss/lib/crmf/../../../../dist/include/xpcom/nsCOMPtr.h:677) nsNSSBadCertHandler(void*, PRFileDesc*) (/Users/jruderman/trunk/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp:2637) _ssl3_HandleCertificate (ssl3con.c:7126) _ssl3_HandleHandshakeMessage (ssl3con.c:7782) _ssl3_HandleHandshake (ssl3con.c:7898) _ssl3_HandleRecord (ssl3con.c:8161) _ssl3_GatherCompleteHandshake (ssl3gthr.c:206) _ssl_GatherRecord1stHandshake (sslcon.c:1258) _ssl_Do1stHandshake (sslsecur.c:151) _ssl_SecureSend (sslsecur.c:1152) _ssl_SecureWrite (sslsecur.c:1197) _ssl_Write (sslsock.c:1472) nsSSLThread::Run() (/Users/jruderman/trunk/mozilla/security/manager/ssl/src/nsSSLThread.cpp:1029) nsPSMBackgroundThread::nsThreadRunner(void*) (/Users/jruderman/trunk/mozilla/security/manager/ssl/src/nsPSMBackgroundThread.cpp:44) __pt_root (/Users/jruderman/trunk/mozilla/nsprpub/pr/src/pthreads/ptthread.c:221) __pthread_body (/usr/lib/libSystem.B.dylib)

Yeah, that's bad. Don't do that.

https://freaks-unidos.net/x triggers four additional assertions: ###!!! ASSERTION: Using observer service off the main thread! ###!!! ASSERTION: nsMacLocale not thread-safe ###!!! ASSERTION: nsPlatformCharset not thread-safe ###!!! ASSERTION: nsMacLocale not thread-safe ###!!! ASSERTION: nsCharsetAlias2 not thread-safe

Does this bug has the chance to make things crash or get corrupted? Then it should get a higher priority than P5.

Yeah, this kind of thing can cause instability pretty quickly.

reproduced on windows

Are you still able to reproduce? I don't see assertions with the latest build on Linux, neither console, neither error console window.

It was fixed at bug 413627. See http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvsroot&subdir=mozilla/security/manager/ssl/src&command=DIFF_FRAMESET&file=nsCertOverrideService.cpp&rev2=1.4&rev1=1.3 Hope you are aware of possibility the code might be reentered what would be disaster.