Comment 9 for bug 69719

This seems like a security vulnerability, however, I am not sure whether it is know or not. If you have time, perhaps you could try to look it up in https://launchpad.net/distros/ubuntu/+source/firefox/+bugs

or upstream in https://bugzilla.mozilla.org

Try using parts of the testcase to find it:

range = document.createRange();
range.selectNode(document.firstChild);
range.createContextualFragment('<span></span>');