Prior to the release of Firefox 220.127.116.11 a minor security issue was discovered in the drawImage method in the Canvas API. This particular method takes an image (in the form of an IMG DOM Element), extracts the image data, and puts it into the Canvas at the desired points. If you’re interested in seeing what this method does (and aren’t running 18.104.22.168) then visit the Mozilla developer demo. The issue was that if the image was corrupted in some way, drawImage would still try to read data from it and display random bits of memory instead (oops).
This was fixed and two attachments were uploaded resolving this bug. However, that’s where the issue came in. When it came time to commit the changes, only the first patch landed (by mistake) which caused drawImage to become all wonky. Coupled by the fact that there wasn’t an immediate regression test in place to notice the obvious error. (That being said, we’re getting much better – going from very few automated tests about a year ago, to tens of thousands now.)
Nov. 26: Firefox 22.214.171.124 is released, Canvas.drawImage method is not working
Canvas users (both web applications and Firefox extensions) start to notice the following error pop up:
uncaught exception: [Exception… “Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDOMCanvasRenderingContext2D.drawImage]” nsresult: “0x80040111 (NS_ERROR_NOT_AVAILABLE)” location: “JS frame :: drawImage.html :: anonymous :: line 12″ data: no]
The obvious bug is spotted and the patch is landed. The question then became: How serious is this? In a nutshell: Very serious. A number of critical applications were using this functionality to draw parts of their UIs and having this fail made them unusable. Thus, the new question was: How fast can we get it out? The answer:
Nov. 29: Firefox 126.96.36.199 is released, fastest turnaround for a browser, yet.
So that’s why you’re seeing two browser updates in one week. It was a big mistake, but thankfully it was caught quickly, fixed quickly, and released quickly. And in the end, it’ll be a good thing, as I’m sure it’ll get some more regression tests landed in the suite.