Steps to reproduce: 1. Load testcase 2. Refresh testcase (& drag windows across testcase, if that doesn't do it) ACTUAL RESULTS: - Linux: There's a 1px-wide bar of random pixels at the right edge of the viewport - Windows: The right 2/3 of the viewport is entirely black See upcoming screenshots for examples. BUILDS TESTED: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008090211 Ubuntu/8.10 (intrepid) Firefox/3.0.2 Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 NOTE: This bug is worse in trunk (as compared to FF3.0.x) due to the fact that window.sizeToContent() apparently fails in trunk, leaving a large window with a much larger area of corruption.

Marking as security-sensitive, since this looks like it could be a UMR-type bug.

Adding URL where I initially found this, which has larger content. On Linux FF3.0.x, the bug manifests at this URL as a 1px-wide line of random pixels going all the way down the right side of this page. On Windows FF3.0.x, it's a 1px-wide line of *black* pixels.

(In reply to comment #0) > NOTE: This bug is worse in trunk (as compared to FF3.0.x) due to the fact that > window.sizeToContent() apparently fails in trunk BTW, I filed bug 455577 for the window.sizeToContent() failure in trunk.

Cautiously marking wanted and not blocking for 1.9, pending on 455577 resolution.

Marking as wanted1.9.0.x+ for now so we can investigate.

Marking sg:low as other UMR bugs have been. Feel free to increase severity if you feel it's warranted.

FWIW, this bug's testcase now hangs mozilla-central builds. I've filed bug 472730 on the hang.

Any potential UMR data leak is painted on the page, which pages should not be able to read. The only thing I can think of is Canvas's drawWindow() method which web content is not allowed to use. I think we can unhide this bug.

ss: there's been a bmo reoorg so hitting 'gfx' gets you to gfx: color management not gfx: thebes. I think this is another mis-assignment.

FWIW, this is still a bug in latest trunk. Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.3a1pre) Gecko/20091009 Minefield/3.7a1pre

Testcase is WFM against Firefox 4 and upwards (tested on WinXP).

I don't see this on linux either.

It actually looks like window.sizeToContent() doesn't do anything anymore (at least, not for me). As shown in the screenshots, that function (called on pageload for this testcase) used to make the Firefox window shrink-wrap its content ("foo"). However, that doesn't seem to happen now. So this isn't necessarily fixed -- it's just impossible to *try* to reproduce it, with the existing testcase at this point.