Firefox crashes when I attempt to View Source of the following valid HTML5 document: <!DOCTYPE html><head><title>title</title ><script src="/script1.js"></script ><script src="/script2.js"></script ><script src="/script3.js"></script ><script src="/script4.js"></script ><body> Tested in 14.0a1 (2012-04-05) using a clean profile.

I can confirm this. View the attachment, press View Source; the View Source window appears for a few seconds (with empty content area), then Firefox suddenly disappears without a message. (Not just the View Source window disappears; Firefox disappears completely.)

WFM: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.3) Gecko/20100101 Firefox/10.0.3 Reproduced: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0 Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0 Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120405 Firefox/13.0a2 Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120405 Firefox/14.0a1 bp-76049004-0fa4-490c-8d59-c2f232120406 bp-0e1b252f-9e28-4bfc-ab3b-a67432120406 bp-ba7fef1c-879c-4dfa-b3c0-234382120406 bp-bda8539f-44fe-49bf-a5c2-8f0b92120406

Last good nightly: 2011-11-01 First bad nightly: 2011-11-02 Pushlog: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=67d1049b0bf9&tochange=978002c0b0ad

It's worth noting that Firefox can be coaxed into viewing the source of a page by e.g. redirecting to 'view-source:$URL', so an attacker can make affected versions of Firefox crash whenever a user visits a page under the attacker's control.

@Kasper: that does not seem to be a major concern; bug 626963 has allowed anyone to lock up Firefox trivially for about 15 months now.

The first bad revision is: changeset: 79505:175a0afe3c43 user: Henri Sivonen <hsivonen@iki.fi> date: Fri Jul 30 13:15:38 2010 +0300 summary: Bug 482921 part 1 - Implement HTML syntax highlighting using the new parser. r=Olli.Pettay. https://hg.mozilla.org/mozilla-central/rev/175a0afe3c43

Seems duplicate of #742414