Bug ID: 749039 Summary: Assertion failure: addr % Cell::CellSize == 0, at ../jsgc.h:859 or Crash [@ js::gc::Cell::compartment] Status: Closed, RESOLVED FIXED Product: Core Component: JavaScript Engine Platform: x86 Linux Severity: Critical Patch: Patch attached and reviewed positively. Affected Versions: - Firefox 12: Not affected - Firefox 13: Affected - Firefox 14: Affected - Firefox 15: Fixed Backtrace: Provided, indicating a segmentation fault in js::gc::Cell::compartment. Keywords: sec-critical Target Milestone: mozilla15 Group: core-security Key Points: The bug causes an assertion failure or crash related to JavaScript Engine's Garbage Collection (GC). Affects specific versions of Firefox (13, 14, 15) critically on Linux platform. Patch was developed and verified, fixing the issue in a debug build context, possibly related to stack pointer issues in the interpreter and methodjit.