Open
Bug 905036
Opened 11 years ago
Updated 2 years ago
ASSERTION: mForm should be null at this point!: '!mForm', file content/html/content/src/nsGenericHTMLElement.cpp, line 3170
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
NEW
People
(Reporter: smontagu, Unassigned)
References
Details
Attachments
(1 file)
|
(deleted),
text/html
|
Details |
See also bug 616027; not sure if this is a dupe or not.
The testcase, originally from bug 894137, asserts since that bug is fixed (and also before the checkin of bug 548206).
###!!! ASSERTION: mForm should be null at this point!: '!mForm', file content/html/content/src/nsGenericHTMLElement.cpp, line 3170
It's not a recent regression: the assertion goes back at least to 2010-09-07, the earliest debug builds I could find on ftp.mozilla.org/pub/firefox/nightly/
|
Reporter | |
Updated•11 years ago
|
tracking-firefox-esr17:
--- → ?
|
|
Reporter | |
Updated•11 years ago
|
status-b2g18:
--- → affected
tracking-b2g18:
--- → ?
|
||
Comment 1•11 years ago
|
||
This is a dup. Trying to find the bug...
|
|
||
Comment 2•11 years ago
|
||
Oh, silly me. I just read the summary of the bugmail I got :)
|
||
Comment 3•11 years ago
|
||
Is this assertion a security problem or is it hidden just because the original test case is bad?
|
||
Comment 4•11 years ago
|
||
> Is this assertion a security problem
Probably not, tagging it sec-other for now...
> is it hidden just because the original test case is bad?
Yes, bug 894137 affects FF23 and is wontfixed there.
Keywords: sec-other
|
|
Reporter | |
Comment 5•11 years ago
|
||
I filed it as security because of the test case from a sec-critical bug and because of what Mats said there in bug 894137 comment 10: "a different test
could trigger the crash (use-after-free via mForm)."
|
||
Comment 6•11 years ago
|
||
Leaving this esr17? for now, but if it gets fixed on trunk & branches we'd need to have more clarification about 'sec-other' since currently that would not fit the criteria for landing to ESR.
|
|
Reporter | |
Updated•10 years ago
|
Blocks: CVE-2013-1724
|
||
Updated•10 years ago
|
|
|
||
Comment 7•10 years ago
|
||
FWIW bug 1162765 should eliminate the security risk here.
|
||
Updated•9 years ago
|
Group: core-security → dom-core-security
|
||
Updated•8 years ago
|
status-b2g18:
affected → ---
status-firefox22:
affected → ---
status-firefox23:
affected → ---
status-firefox24:
affected → ---
status-firefox25:
affected → ---
status-firefox-esr17:
affected → ---
tracking-b2g18:
? → ---
tracking-firefox-esr17:
? → ---
|
|
||
Comment 8•4 years ago
|
||
The related sec bug has been unhidden.
Group: dom-core-security
Keywords: sec-other
|
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•