crash in [@ mozilla::PresShell::ScrollFrameRectIntoView]
Categories: Core :: Layout, defect
Tracking:
Tracking | Status
---|---
firefox-esr60 | unaffected
firefox67 | wontfix
firefox68 | verified
firefox69 | verified
People: Reporter: tsmith, Assigned: emilio
References: Blocks 1 open bug
Details: 4 keywords, Whiteboard: [adv-main68-]
Attachments (3 files, 3 obsolete files):
- 300 bytes, text/html
- 47 bytes, text/x-phabricator-request (jcristau: approval-mozilla-beta+)
- 63.38 KB, text/plain
This looks similar to bug 1535187 but it does not appear to be crashing on a framepoison address.
eip = 0xd28647d6 esp = 0xd86fc140 ebp = 0xd86fc278 ebx = 0xd7adede0
esi = 0xb62ba2c8 edi = 0xd86fc220 eax = 0xf56b77ff ecx = 0xd871a200
edx = 0xd871f600 efl = 0x00210296
OS|Android|0.0.0 Linux 4.4.124+ #1 SMP PREEMPT Sun Nov 4 14:31:25 UTC 2018 i686
CPU|x86|GenuineIntel family 6 model 6 stepping 3|4
GPU|||
Crash|SIGSEGV|0xf56b78e3|13
13|0|libxul.so|mozilla::PresShell::ScrollFrameRectIntoView(nsIFrame*, nsRect const&, mozilla::ScrollAxis, mozilla::ScrollAxis, mozilla::ScrollFlags)|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|3550|0x7
13|1|libxul.so|nsListControlFrame::ScrollToFrame(mozilla::dom::HTMLOptionElement&)|hg:hg.mozilla.org/mozilla-central:layout/forms/nsListControlFrame.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|1816|0x1a
13|2|libxul.so|nsListControlFrame::ScrollToIndex(int)|hg:hg.mozilla.org/mozilla-central:layout/forms/nsListControlFrame.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|1806|0x14
13|3|libxul.so|non-virtual thunk to nsListControlFrame::OnOptionSelected(int, bool)|hg:hg.mozilla.org/mozilla-central:layout/forms/nsListControlFrame.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|0|0x2c
13|4|libxul.so|mozilla::dom::HTMLSelectElement::OnOptionSelected(nsISelectControlFrame*, int, bool, bool, bool)|hg:hg.mozilla.org/mozilla-central:dom/html/HTMLSelectElement.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|669|0xf
13|5|libxul.so|mozilla::dom::HTMLSelectElement::SetOptionsSelectedByIndex(int, int, unsigned int)|hg:hg.mozilla.org/mozilla-central:dom/html/HTMLSelectElement.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|800|0x25
13|6|libxul.so|mozilla::dom::HTMLOptionElement::SetSelected(bool)|hg:hg.mozilla.org/mozilla-central:dom/html/HTMLOptionElement.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|106|0x9
13|7|libxul.so|mozilla::dom::HTMLOptionElement_Binding::set_selected(JSContext*, JS::Handle<JSObject*>, mozilla::dom::HTMLOptionElement*, JSJitSetterCallArgs)|s3:gecko-generated-sources:6465919b3fc3729e4b0d657d4a372e0d7357c8bc1cd26be69e5d04ede672887704c5e2ea7eefcf286c6f9fb3ea0b1d29f24c13187e7be10eaa73a0b0e72977ef/dom/bindings/HTMLOptionElementBinding.cpp:|425|0xe
13|8|libxul.so|bool mozilla::dom::binding_detail::GenericSetter<mozilla::dom::binding_detail::NormalThisPolicy>(JSContext*, unsigned int, JS::Value*)|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|3106|0x2b
13|9|libxul.so|CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|443|0x16
13|10|libxul.so|js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|535|0xd
13|11|libxul.so|InternalCall(JSContext*, js::AnyInvokeArgs const&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|590|0x17
13|12|libxul.so|js::CallSetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|744|0x37
13|13|libxul.so|SetExistingProperty(JSContext*, JS::Handle<JS::PropertyKey>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<js::NativeObject*>, JS::Handle<JS::PropertyResult>, JS::ObjectOpResult&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/NativeObject.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|2879|0x44
13|14|libxul.so|bool js::NativeSetProperty<(js::QualifiedBool)1>(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::PropertyKey>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/NativeObject.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|2908|0x31
13|15|libxul.so|Interpret(JSContext*, js::RunState&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|2847|0x123
13|16|libxul.so|js::RunScript(JSContext*, js::RunState&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|423|0x7
13|17|libxul.so|js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|563|0xd
13|18|libxul.so|InternalCall(JSContext*, js::AnyInvokeArgs const&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|590|0x17
13|19|libxul.so|<name omitted>|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|606|0x7
13|20|libxul.so|JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>)|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|2647|0x51
13|21|libxul.so|mozilla::dom::EventHandlerNonNull::Call(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&)|s3:gecko-generated-sources:07034a91c20d743b6b1cb0050fb45856e506111933106e79effdb8dcee60d394334ccec99923dca240d02a8a2423627e46882951c1689b39a2e7f0665bac7e9b/dom/bindings/EventHandlerBinding.cpp:|267|0x24
13|22|libxul.so|void mozilla::dom::EventHandlerNonNull::Call<nsCOMPtr<mozilla::dom::EventTarget> >(nsCOMPtr<mozilla::dom::EventTarget> const&, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*)|s3:gecko-generated-sources:400f5854eaa0ecaed3e4b6de4ef056ff5ed59f33939cee029fcff1b03eeff195f4c1df1e3e5019f96bbe28beb9ac8b7f3c48e72df24fb254eded6e83edd51671/dist/include/mozilla/dom/EventHandlerBinding.h:|363|0x34
13|23|libxul.so|mozilla::JSEventHandler::HandleEvent(mozilla::dom::Event*)|hg:hg.mozilla.org/mozilla-central:dom/events/JSEventHandler.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|205|0x50
13|24|libxul.so|mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*)|hg:hg.mozilla.org/mozilla-central:dom/events/EventListenerManager.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|1045|0xc
13|25|libxul.so|mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool)|hg:hg.mozilla.org/mozilla-central:dom/events/EventListenerManager.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|1240|0x1f
13|26|libxul.so|mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&)|hg:hg.mozilla.org/mozilla-central:dom/events/EventDispatcher.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|349|0x18
13|27|libxul.so|mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&)|hg:hg.mozilla.org/mozilla-central:dom/events/EventDispatcher.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|551|0x18
13|28|libxul.so|mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*)|hg:hg.mozilla.org/mozilla-central:dom/events/EventDispatcher.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|1047|0x23
13|29|libxul.so|nsDocumentViewer::LoadComplete(nsresult)|hg:hg.mozilla.org/mozilla-central:layout/base/nsDocumentViewer.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|1104|0x29
13|30|libxul.so|nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDocShell.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|6641|0x17
13|31|libxul.so|nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDocShell.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|6441|0x16
13|32|libxul.so|non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDocShell.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|0|0x2e
13|33|libxul.so|nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsDocLoader.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|1313|0x25
13|34|libxul.so|nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsDocLoader.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|872|0x2e
13|35|libxul.so|nsDocLoader::DocLoaderIsEmpty(bool)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsDocLoader.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|710|0x13
13|36|libxul.so|nsDocLoader::OnStopRequest(nsIRequest*, nsresult)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsDocLoader.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|598|0xf
13|37|libxul.so|non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsresult)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsDocLoader.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|0|0x26
13|38|libxul.so|mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult)|hg:hg.mozilla.org/mozilla-central:netwerk/base/nsLoadGroup.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|568|0x21
13|39|libxul.so|mozilla::dom::Document::DoUnblockOnload()|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|8012|0x27
13|40|libxul.so|mozilla::dom::nsUnblockOnloadEvent::Run()|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|7968|0x13
13|41|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|1180|0x16
13|42|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|486|0x11
13|43|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|88|0xd
13|44|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:3c70f36ad62c9c714db3199fc00e60800ee82bde|315|0x16
13|45|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:3c70f36ad62c9c714db3199fc00e60800ee82bde|290|0xb
13|46|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|137|0xe
13|47|libxul.so|nsAppStartup::Run()|hg:hg.mozilla.org/mozilla-central:toolkit/components/startup/nsAppStartup.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|276|0x18
13|48|libxul.so|XREMain::XRE_mainRun()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|4548|0x10
13|49|libxul.so|XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|4686|0x8
13|50|libxul.so|XRE_main(int, char**, mozilla::BootstrapConfig const&)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|4767|0xf
13|51|libxul.so|GeckoStart|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAndroidStartup.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|47|0xd
13|52|libxul.so|mozilla::BootstrapImpl::GeckoStart(_JNIEnv*, char**, int, mozilla::StaticXREAppData const&)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/Bootstrap.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|77|0x11
13|53|libmozglue.so|Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun|hg:hg.mozilla.org/mozilla-central:mozglue/android/APKOpen.cpp:3c70f36ad62c9c714db3199fc00e60800ee82bde|372|0x2a
13|54|libart.so||||0x634318
Comment 1 (Assignee)•6 years ago
Can't repro locally, any particular pref that's needed?
Comment 3 (Assignee)•6 years ago
Yup, I'll try to set it up next week or such, apparently this is Android-specific.
Comment 4 (Assignee)•6 years ago
Where to even start. This is the caret code again. Diagnostics in a second.
Comment 5 (Assignee)•6 years ago
Also I'm pretty sure this is frame poisoning.
Comment 6 (Assignee)•6 years ago
ScrollToShowRect already considers that possibility, so not doing it on the
caller is a bug.
Ideally scroll observers shouldn't be able to run script, more to that in a
second.
Comment 7 (Assignee)•6 years ago
There are four caret events in there. The last one is the problematic one, that ends up running the ActionBarHandler.jsm code, and flushing layout via the Selection stringifier.
Comment 8 (Assignee)•6 years ago
Instead, post the event for the next turn of the event loop.
In this case, what killed the frame is ActionBarHandler.jsm via
Selection.toString().
Depends on D31088
Comment 9 (Assignee)•6 years ago
I think these should hold, everything that runs under them should just schedule
other stuff to some later date:
- Synth mouse events -> scheduled as refresh driver observers.
- Scroll events -> Scheduled as well.
- Caret state change events -> Also scheduled after last patch.
- IME and accessibility stuff -> I don't think they can reenter layout.
We can always revert this if it causes troubles, plus it shouldn't crash on
release so should be fine.
Depends on D31089
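As an added illustration of the failure mode discussed in comments 6, 8 and 9 (this is a toy written for this page, not Gecko code and not any of the patches on this bug): a layout routine notifies observers while holding a raw frame pointer, an observer runs script that flushes layout and destroys the frame, and the routine then touches freed memory. The names Frame, FrameTree, WeakFrame, EventLoop and ScrollFrameIntoView are invented; WeakFrame is a stand-in for the weak-frame idiom Gecko layout code uses (AutoWeakFrame), and deferToNextTurn models posting the caret event for the next turn of the event loop instead of dispatching it synchronously.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <unordered_set>
#include <vector>

// Toy model, not Gecko code: a Frame is a layout object that script can
// destroy whenever layout is flushed.
struct Frame { int id; int scrollPos; };

class FrameTree;

// Weak reference that the FrameTree nulls out when its frame is destroyed;
// callers check IsAlive() after anything that may have run script.
class WeakFrame {
 public:
  WeakFrame(FrameTree& tree, Frame* f);
  ~WeakFrame();
  bool IsAlive() const { return mFrame != nullptr; }
  Frame* Get() const { return mFrame; }
 private:
  friend class FrameTree;
  FrameTree& mTree;
  Frame* mFrame;
};

class FrameTree {
 public:
  Frame* Create(int id) {
    mFrames.push_back(std::unique_ptr<Frame>(new Frame{id, 0}));
    return mFrames.back().get();
  }
  // Frees the frame and invalidates every WeakFrame that points at it.
  void Destroy(Frame* f) {
    for (WeakFrame* w : mWeak) if (w->mFrame == f) w->mFrame = nullptr;
    for (auto it = mFrames.begin(); it != mFrames.end(); ++it)
      if (it->get() == f) { mFrames.erase(it); return; }
  }
 private:
  friend class WeakFrame;
  std::unordered_set<WeakFrame*> mWeak;
  std::vector<std::unique_ptr<Frame>> mFrames;
};

WeakFrame::WeakFrame(FrameTree& tree, Frame* f) : mTree(tree), mFrame(f) {
  mTree.mWeak.insert(this);
}
WeakFrame::~WeakFrame() { mTree.mWeak.erase(this); }

using Task = std::function<void()>;

// Minimal event loop: Post() queues work for the next turn.
struct EventLoop {
  std::vector<Task> queue;
  void Post(Task t) { queue.push_back(std::move(t)); }
  void RunPending() { auto q = std::move(queue); queue.clear(); for (Task& t : q) t(); }
};

// Stand-in for ScrollFrameRectIntoView. Observers are scroll/caret listeners;
// in the bug one of them ran script that destroyed the frame. Returns false
// if the frame went away while observers ran instead of touching freed memory
// (the missing check). With deferToNextTurn the observers are posted to the
// event loop, so no script can run under this function at all.
bool ScrollFrameIntoView(FrameTree& tree, Frame* frame, int target,
                         const std::vector<Task>& observers,
                         EventLoop& loop, bool deferToNextTurn) {
  WeakFrame weak(tree, frame);
  for (const Task& obs : observers) {
    if (deferToNextTurn) loop.Post(obs);
    else obs();  // may reenter layout and destroy |frame|
  }
  if (!weak.IsAlive()) return false;  // frame died under us: bail out
  weak.Get()->scrollPos = target;
  return true;
}

struct Outcome { bool scrolled; bool frameAliveAfter; };

// Scenario: the only observer destroys the frame (script flushing layout).
Outcome RunScenario(bool deferToNextTurn) {
  FrameTree tree;
  EventLoop loop;
  Frame* f = tree.Create(1);
  WeakFrame watcher(tree, f);
  std::vector<Task> observers = {[&] { tree.Destroy(f); }};
  bool scrolled = ScrollFrameIntoView(tree, f, 42, observers, loop, deferToNextTurn);
  bool alive = watcher.IsAlive();
  loop.RunPending();  // a deferred observer runs here, after layout is done
  return {scrolled, alive};
}

int main() {
  Outcome s = RunScenario(false), d = RunScenario(true);
  std::printf("sync:     scrolled=%d frameAlive=%d\n", s.scrolled, s.frameAliveAfter);
  std::printf("deferred: scrolled=%d frameAlive=%d\n", d.scrolled, d.frameAliveAfter);
  return 0;
}
```

With synchronous dispatch the frame is gone by the time the scroll would be applied and the routine has to bail out; without the IsAlive() check it would write through a dangling pointer, which is the SIGSEGV in the stack above. With deferred dispatch the scroll completes on a live frame and the observer only runs on the next turn, which is the stronger fix since nothing under the layout routine can reenter it.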
Comment 10•6 years ago
This one looks like fun too: bp-43903a6c-d68c-40ee-958b-c476e0190508
Comment 11 (Assignee)•6 years ago
Yeah, that one's known, bug 1530190
Comment 12•6 years ago
This was pushed to autoland but backed out for testAccessibleCarets.js robocop failures.
https://hg.mozilla.org/integration/autoland/rev/c81a6ac1b8941c4e2d3e596e9f172f8d255ac721
Comment 13 (Assignee)•6 years ago
Ting-Yu, do you know how I can run those tests locally? I think those tests just need to wait for a tick sometime now.

A long time ago, I followed https://wiki.mozilla.org/Auto-tools/Projects/Robocop, and executed ./mach robocop testAccessibleCarets. I was able to run it in an Android emulator locally.
Today, I ran it again. I hit bug 1552964 as well as this error.
Automation Error: No crash directory (/sdcard/tests/profile/minidumps) found on remote device
0:26.85 ERROR runApp() exited with code 1
0:27.31 INFO PROCESS-CRASH | Automation Error: Missing end of test marker (process crashed?)
I didn't dig deeper to tell whether it was my local issue or not. Maybe you'll have luck running it either in emulator or in real device.
Comment 15 (Assignee)•6 years ago
I'll land all patches but the first in a separate batch and separate bug for
regression tracking purposes.
Comment 16 (Assignee)•6 years ago
Waiting on review of the test fix, this can land afterwards, though I'll probably land the three later patches in a separate bug.
Comment 17•6 years ago
Comment on attachment 9064795 [details]
Bug 1549812 - Don't run arbitrary script from AccessibleCaretManager callbacks. r=TYLin
Revision D31089 was moved to bug 1553772. Setting attachment 9064795 [details] to obsolete.
Comment 18•6 years ago
Comment on attachment 9064796 [details]
Bug 1549812 - Try to assert a bit harder about stuff not flushing under our nose. r=TYLin,mats
Revision D31090 was moved to bug 1553772. Setting attachment 9064796 [details] to obsolete.
Comment 19•6 years ago
Comment on attachment 9066823 [details]
Bug 1549812 - fix testAccessibleCarets.js to account for more async event dispatching. r=TYLin
Revision D32194 was moved to bug 1553772. Setting attachment 9066823 [details] to obsolete.
Comment 20•6 years ago
https://hg.mozilla.org/integration/autoland/rev/c2327979957d727efdea1d7f87d9f044aace1da8
https://hg.mozilla.org/mozilla-central/rev/c2327979957d
Comment 22 (Assignee)•6 years ago
Comment on attachment 9064793 [details]
Bug 1549812 - ScrollFrameRectIntoView should handle the frame going away. r=mats
Beta/Release Uplift Approval Request
- User impact if declined: Potential crash on Android.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: Open test-case on Fennec.
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Just a missing check.
- String changes made/needed: none
Comment 23•6 years ago
Comment on attachment 9064793 [details]
Bug 1549812 - ScrollFrameRectIntoView should handle the frame going away. r=mats
android crash fix, approved for 68.0b5
Comment 24•6 years ago
uplift
Comment 25•6 years ago
Verified as fixed on the latest version of Nightly 68.0a1 (2019-05-26) using Samsung Galaxy Tab S3 (Android 8.0). I'll leave the qe-verify flag until the verification on Beta, thanks.
Comment 26•6 years ago
Verified as fixed on Beta 68.0b5 using Samsung Galaxy Note 8 (Android 9). Due to my findings, I'll remove the qe-verify flag, thanks.