关键信息 漏洞描述 摘要: "This is unsafe! Fix the caller!" and more with mutation events, XBL, contenteditable 类型: defect 产品: Core 组件: DOM: editor 平台: x86 macos 优先级: Not set 严重性: normal 状态 状态: RESOLVED FIXED 里程碑: mozilla1.9.3a5 跟踪标志: - blocking2.0: final+ - blocking1.9.2: .9-fixed - status1.9.1: wanted 解决方案 关联补丁: Fixes all assertions and seems regression-free. 回归风险: Patch tested for some time, seems safe. 附录 Testcase: TestCase attached with issue, involves XBL. 备注: - Issue related to contenteditable events, XBL, and contenteditable elements. - Security-sensitive bug affecting XBL binding handling, especially when encountering malformed XBL files. 测试结果: No assertion errors after applying the patch.