If bug 64419 is fixed, svg/dom/use-style-recalc-script-execute-crash.html will start crashing.
The problem is that the parser yields after parsing the second </script>, but before executing it. The parser is yielding to allow the first paint to occur. When the parser yields, recalcStyle() will process the <svg use> tag and build a shadow DOM for it. The shadow DOM clones the elements from the main DOM. This includes the parsed, but un-executed, second script. The cloned script will execute, because its m_alreadyStarted is false, when it's inserted in the shadow DOM. When control returns to the parser, it will execute the original script. So, we'll have executed the same block of script twice.
Bug 78902 fixes this problem as well. The shadow tree is no more constructed on recalcStyle() time.
*** This bug has been marked as a duplicate of bug 78902 ***