Crash at g_dbus_connection_call_internal()
There's plenty of Firefox crashes caused by DBus like this one:
https://crash-stats.mozilla.org/report/index/093c06fe-19af-409c-bd09-e07480231106
https://bugzilla.mozilla.org/show_bug.cgi?id=1834219
0 libgio-2.0.so.0 g_dbus_connection_call_internal gio/gdbusconnection.c:5922
1 libgio-2.0.so.0 g_dbus_proxy_call_internal gio/gdbusproxy.c:2714
2 libgio-2.0.so.0 g_dbus_proxy_call gio/gdbusproxy.c:2955
3 libxul.so mozilla::widget::DBusProxyCall widget/gtk/AsyncDBus.cpp:56
I my reading of gio/gdbusconnection.c:5922 is correct it's UAF here:
g_return_if_fail (G_IS_DBUS_CONNECTION (connection));
Looks like proxy->priv->connection is released while Firefox still owns and use the object. Note that we track such crashes from various Firefox components and also from external libraries like libnotify or gnomevfs components.