Description of problem:
Scrolling down page at the following URL makes firefox crash with a heap corruption error.
URL: http://blog.rp.pl/haszczynski/2008/01/13/czy-tajwan-bedzie-mniej-tajwanski/

Version-Release number of selected component (if applicable):
firefox-2.0.0.10-3.fc8

How reproducible:
Always.

Steps to Reproduce:
1. Visit the URL cited above.
2. Start scrolling the page down, I usually use arrow keys.

Actual results:
firefox reports heap corruption and quits.

Expected results:
firefox allows to read the page.

Additional info:
running firefox with MALLOC_CHECK_=2 suggests that there is some invalid free involved.
Created attachment 291575: stack trace when running firefox under gdb with MALLOC_CHECK_ set.
At this point, we're going to only be taking security fixes and major stability fixes into this release of Fedora. However, we still want to ensure the bug is fixed in the next version. We'd appreciate it if you could test Firefox 3, available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping as the default in Fedora rawhide, and provide feedback as to whether it still exists so we can file a ticket upstream to try to fix it in Firefox 3 before it is released.
The problem is still there in firefox-2.0.0.12-1.fc8 but firefox-3 downloaded from the location specified above does not display this erroneous behavior.
Since there are insufficient details provided in this report for us to investigate the issue further, and we have not received feedback to the information we have requested above, we will assume the problem was not reproducible, or has been fixed in one of the updates we have released for the reporter's distribution. Users who have experienced this problem are encouraged to upgrade to the latest update of their distribution, and if this issue turns out to still be reproducible in the latest update, please reopen this bug with additional information. Closing as INSUFFICIENT_DATA. [This is a mass-closing request, if you think that this bug shouldn't be closed, please, reopen with additional information.]
The bug is still present in the most recent release of this program for F8, that is firefox-2.0.0.13-1.fc8
BTW, the bug is trivially reproduced. Please actually do pay attention to the information provided by the reporters.
Fixed in F9/FF3 so closing as RAWHIDE.