Bugzilla@Mozilla – Bug 594760
activeContent in nsEventStateManager::PostHandleEvent looks unsafe
Last modified: 2010-10-30 18:13:17 PDT
Summon comment box
Created attachment 473527 [details] [review] patch The variable is nsIContent*, but scripts may run before it is used. I don't have a testcase, but based on code this might lead to crash when using image maps and deleting the image element when it gets focus. Or something like that.
Comment on attachment 473527 [details] [review] patch Approved for 1.9.2.11 and 1.9.1.14, a=dveditz
http://hg.mozilla.org/mozilla-central/rev/99aa53d645ca http://hg.mozilla.org/releases/mozilla-1.9.1/rev/2d8e67f58719 http://hg.mozilla.org/releases/mozilla-1.9.2/rev/b48f479bfc99