| 1306915
|
|
This web page only in Firefox cause short duration huge memory use?
|
Core
|
Graphics: ImageLib
|
aosmond
|
NEW
|
---
|
2022-10-11
|
| 1409998
|
|
Firefox freezes modifying SQL command on Adminer.org
|
Core
|
DOM: Events
|
nobody
|
NEW
|
---
|
2022-12-08
|
| 1471029
|
|
High cpu/gpu usage and hangs on page-http://telegra.ph/Telegram-X-03-26 & other pages
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1248500
|
|
Dropdown menu buttons will not depress
|
Core
|
Widget: Win32
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1346649
|
|
Ignore scaling Print option working opposite of expected on Mac OSX
|
Core
|
Printing: Setup
|
haftandilian
|
NEW
|
---
|
2022-10-11
|
| 1430196
|
|
input type file and not working focus via TAB key in CSS
|
Core
|
Layout: Form Control
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1307833
|
|
[meta] Grayscale antialiasing instead of subpixel antialiasing is still used in some places on Mozilla Firefox Nightly 52.0a1 (2016-10-05)
|
Core
|
Graphics: Text
|
mstange.moz
|
ASSI
|
---
|
2022-10-31
|
| 1422631
|
|
suspect cubeb_data_callback called from refill_callback_duplex() while stream is draining
|
Core
|
Audio/Video: cubeb
|
achronop
|
RESO
|
FIXE
|
2018-11-05
|
| 1337418
|
|
Crash in nsACString_internal::Assign | nsACString_internal::Assign | mozilla::media::OriginKeyStore::OriginKeysTable::GetOriginKey
|
Core
|
WebRTC: Audio/Video
|
amarchesini
|
RESO
|
FIXE
|
2017-10-26
|
| 1404105
|
|
Crash in AsyncShutdownTimeout | Places Clients shutdown | sanitize.js: Sanitize,sanitize.js: Sanitize on shutdown
|
Core
|
Storage: Quota Manag
|
amarchesini
|
RESO
|
FIXE
|
2021-08-14
|
| 1452576
|
|
Crash [@ get] with StructuredCloneHolder ending up in [@ mozilla::dom::ImageBitmap::CreateFromCloneData] although DifferentProcess
|
Core
|
DOM: Core & HTML
|
amarchesini
|
RESO
|
FIXE
|
2021-10-06
|
| 1319403
|
|
deleting session cookies
|
Core
|
Networking: Cookies
|
amchung
|
RESO
|
FIXE
|
2018-12-02
|
| 1325052
|
|
Assertion failure: !elements[i].isMarkable(), at /home/andre/hg/mozilla-inbound/js/src/gc/Marking.cpp:1607
|
Core
|
JavaScript Engine
|
andrebargull
|
RESO
|
FIXE
|
2017-11-03
|
| 1406398
|
|
Assertion failure: MOZ_ASSERT(isNative()) in in js::NativeObject::lookup
|
Core
|
JavaScript Engine
|
andrebargull
|
RESO
|
FIXE
|
2018-08-28
|
| 1360334
|
|
Crash in mozilla::MediaStreamGraph::NotifyOutputData since Firefox 49
|
Core
|
Audio/Video: MediaSt
|
apehrson
|
RESO
|
FIXE
|
2018-02-01
|
| 1344034
|
|
A single RWX page is getting allocated on Windows
|
Core
|
Security
|
arthuredelstein
|
RESO
|
FIXE
|
2024-05-30
|
| 1426087
|
|
Crash due to MOZ_RELEASE_ASSERT in nsDocumentViewer::~nsDocumentViewer
|
Core
|
Layout
|
bobowencode
|
RESO
|
FIXE
|
2018-08-28
|
| 1451376
|
|
Use after free in ContentParent::AllocPPrintingParent
|
Core
|
Printing: Output
|
bobowencode
|
RESO
|
FIXE
|
2021-11-18
|
| 1395598
|
|
Intermittent AddressSanitizer: stack-buffer-overflow on address 0x7fd63cf0da90 at pc 0x7fd650221486 bp 0x7fd63e932b40 sp 0x7fd63e932b38
|
Core
|
DOM: Core & HTML
|
bugmail
|
RESO
|
FIXE
|
2020-02-28
|
| 1442328
|
|
Crash in MessageBuilder::WriteCacheResponse
|
Core
|
Disability Access AP
|
bugzilla
|
RESO
|
DUPL
|
2019-05-24
|
| 1371863
|
|
Questionable looking calls to UnwrapReflectorToISupports()
|
Core
|
XPConnect
|
bzbarsky
|
RESO
|
FIXE
|
2018-02-01
|
| 1338009
|
|
Utils#deserializePrincipal should return NullPrincipal if deserialization fails
|
Core
|
DOM: Security
|
ckerschb
|
RESO
|
FIXE
|
2017-04-23
|
| 1377426
|
|
Other CSP rules ignored when specifying sandbox 'allow-scripts'
|
Core
|
DOM: Security
|
ckerschb
|
RESO
|
FIXE
|
2024-05-30
|
| 1396320
|
|
allow-same-origin capability always granted in CSP sandbox directive
|
Core
|
DOM: Security
|
ckerschb
|
RESO
|
FIXE
|
2024-05-30
|
| 1339259
|
|
Crash in mozilla::widget::AudioSession::OnSessionDisconnectedInternal
|
Core
|
Widget: Win32
|
davidp99
|
RESO
|
FIXE
|
2018-08-28
|
| 1353216
|
|
certificate transparency signature verifications negatively impact TLS handshake performance
|
Core
|
Security: PSM
|
dkeeler
|
RESO
|
FIXE
|
2018-03-20
|
| 1368652
|
|
GetDefaultOIDFormat: buffer overflow caused by long OIDs
|
Core
|
Security: PSM
|
dkeeler
|
RESO
|
FIXE
|
2018-02-01
|
| 1368868
|
|
re-think strictness of OCSP stapling given that other browsers aren't as strict
|
Core
|
Security: PSM
|
dkeeler
|
RESO
|
FIXE
|
2018-10-15
|
| 1368870
|
|
the changes made by the bugs tracked by bug 1197205 may have introduced a number of buffer overflows
|
Core
|
Security
|
dkeeler
|
RESO
|
FIXE
|
2018-08-28
|
| 1369561
|
|
misc potentially unsafe snprintf and related calls
|
Core
|
Security
|
dkeeler
|
RESO
|
FIXE
|
2018-08-28
|
| 1411458
|
|
type confusion in VerifyCMSDetachedSignatureIncludingCertificate (potential RCE in parent process)
|
Core
|
Security: PSM
|
dkeeler
|
RESO
|
FIXE
|
2018-09-11
|
| 1408631
|
|
Crash in shutdownhang | nsThread::Shutdown | nsUrlClassifierDBService::Shutdown
|
Toolkit
|
Safe Browsing
|
dlee
|
RESO
|
FIXE
|
2018-01-16
|
| 1368030
|
|
Intermittent dom/media/tests/mochitest/test_getUserMedia_basicScreenshare.html | application terminated with exit code 5
|
Core
|
WebRTC: Audio/Video
|
dminor
|
RESO
|
FIXE
|
2018-02-01
|
| 1414829
|
|
IntermittentGECKO(3199) | SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.4/../../../../include/c++/4.9.4/bits/stl_iterator.h:729:20 in __normal_iterator
|
Core
|
WebRTC: Audio/Video
|
dminor
|
RESO
|
FIXE
|
2020-02-28
|
| 1417797
|
|
UAF in H264 decoder shutdown in VCMDecodedFrameCallback::Decoded()
|
Core
|
WebRTC: Audio/Video
|
dminor
|
RESO
|
FIXE
|
2021-08-31
|
| 1458048
|
|
Likely write beyond bounds in sctp_load_addresses_from_init()
|
Core
|
WebRTC: Networking
|
dminor
|
RESO
|
FIXE
|
2024-05-30
|
| 1325513
|
|
RTP header extensions potentially read out of bounds
|
Core
|
WebRTC
|
drno
|
RESO
|
FIXE
|
2017-10-26
|
| 1372383
|
|
[Libfuzzer] Heap-buffer-overflow in sdp_parse_attr_fmtp when parsing annex p attribute
|
Core
|
WebRTC: Signaling
|
drno
|
RESO
|
FIXE
|
2020-05-19
|
| 1372467
|
|
[Libfuzzer] Heap-buffer-overflow in sdp_parse_attr_fmtp
|
Core
|
WebRTC: Signaling
|
drno
|
RESO
|
FIXE
|
2020-05-19
|
| 1384801
|
|
[LibFuzzer] SDP: global-buffer-overflow [@base64_decode]
|
Core
|
WebRTC: Signaling
|
drno
|
RESO
|
FIXE
|
2020-05-19
|
| 1426988
|
|
UAF crash in libvpx 1.6.1
|
Core
|
WebRTC: Audio/Video
|
drno
|
RESO
|
FIXE
|
2018-08-28
|
| 1464063
|
|
[LibFuzzer] SDP: global-buffer-overflow [@sdp_getchoosetok]
|
Core
|
WebRTC: Signaling
|
drno
|
RESO
|
FIXE
|
2019-08-07
|
| 1387918
|
|
heap-use-after-free in [@ mozilla::a11y::DocAccessible::DoARIAOwnsRelocation]
|
Core
|
Disability Access AP
|
eitan
|
RESO
|
FIXE
|
2018-02-01
|
| 1376036
|
|
Application Reputation checks don't cover blob: and data: URLs
|
Toolkit
|
Safe Browsing
|
francois
|
RESO
|
FIXE
|
2018-02-01
|
| 1436297
|
|
100% I/O usage with Firefox 52 ESR (safebrowsing)
|
Toolkit
|
Safe Browsing
|
francois
|
RESO
|
FIXE
|
2018-04-10
|
| 1318697
|
|
Elements disappear after sliding in
|
Core
|
DOM: Animation
|
hikezoe.birchill
|
RESO
|
FIXE
|
2017-03-31
|
| 1425520
|
|
Crash in nsPlainTextSerializer::ForgetElementForPreformat
|
Core
|
DOM: Serializers
|
hsivonen
|
RESO
|
FIXE
|
2019-08-17
|
| 1441338
|
|
Update genpgocert.py to be able to recreate the pgo/certs databases
|
Core
|
Security: PSM
|
jc
|
RESO
|
FIXE
|
2018-08-28
|
| 1400003
|
|
nsTArray copies JS::ObjectPtr with memmove
|
Core
|
JavaScript: GC
|
jcoppeard
|
RESO
|
FIXE
|
2018-08-28
|
| 1346140
|
|
Use-after-free when creating dependent strings with an external base string
|
Core
|
JavaScript Engine
|
jdemooij
|
RESO
|
FIXE
|
2024-05-30
|
| 1404636
|
|
Differential Testing: Different output message involving typed arrays
|
Core
|
JavaScript Engine: J
|
jdemooij
|
RESO
|
FIXE
|
2018-08-28
|
| 1408412
|
|
Max number of actual arguments is not checked everywhere
|
Core
|
JavaScript Engine: J
|
jdemooij
|
RESO
|
FIXE
|
2018-08-28
|
| 1412420
|
|
Crash [@ js::TypeSet::GetValueType] with invalid read
|
Core
|
JavaScript Engine
|
jdemooij
|
RESO
|
FIXE
|
2018-08-28
|
| 1444668
|
|
Write beyond bounds caused by overlarge offset in WASM assembler
|
Core
|
JavaScript Engine: J
|
jdemooij
|
RESO
|
FIXE
|
2024-05-30
|
| 1292534
|
|
flex: buffer overflow in generated code
|
Core
|
Graphics: CanvasWebG
|
jgilbert
|
RESO
|
FIXE
|
2017-10-26
|
| 1333858
|
|
SEGV in AddressIsPoisoned
|
Core
|
Graphics: CanvasWebG
|
jgilbert
|
RESO
|
FIXE
|
2024-05-30
|
| 1394265
|
|
Crash in OOM | large | NS_ABORT_OOM | nsTArray_base<T>::EnsureCapacity<T> | nsTArray_base<T>::InsertSlotsAt<T> | nsTArray_Impl<T>::SetLength<T> | mozilla::WebGLContext::InitAndValidateGL
|
Core
|
Graphics: CanvasWebG
|
jgilbert
|
RESO
|
FIXE
|
2018-08-28
|
| 1402372
|
|
heap buffer overflow in VertexBuffer9 (ANGLE)
|
Core
|
Graphics: CanvasWebG
|
jgilbert
|
RESO
|
FIXE
|
2024-05-30
|
| 1442504
|
|
Disable disjoint timer queries to prevent use as a high-precision timer
|
Core
|
Graphics: CanvasWebG
|
jgilbert
|
RESO
|
FIXE
|
2019-05-24
|
| 1395138
|
|
Crash in mozilla::layers::RenderLayers<T>
|
Core
|
Graphics: Layers
|
jnicol
|
RESO
|
FIXE
|
2018-08-28
|
| 1425612
|
|
StructuredClone crash reading invalid data
|
Core
|
JavaScript Engine
|
jorendorff
|
RESO
|
FIXE
|
2021-10-06
|
| 1426783
|
|
AddressSanitizer: heap-buffer-overflow [@ __asan_memcpy] with arbitrary WRITE in JSStructuredCloneReader
|
Core
|
JavaScript Engine
|
jorendorff
|
RESO
|
FIXE
|
2021-10-06
|
| 1357599
|
|
Upgrade Firefox 54 to NSS 3.30.2, and upgrade Firefox ESR 52.2 to NSS 3.28.5 (root CA changes, only)
|
Core
|
Security: PSM
|
kaie
|
RESO
|
FIXE
|
2023-12-11
|
| 1408276
|
|
races with LIFECYCLE_WAITING_FOR_MAIN_THREAD_CLEANUP and NotifyOutputData()
|
Core
|
Audio/Video: MediaSt
|
karlt
|
RESO
|
FIXE
|
2018-08-28
|
| 1450688
|
|
Crash [@ JS::GetRealmPrivate(JS::Realm*)]
|
Core
|
XBL
|
kmaglione+bmo
|
RESO
|
FIXE
|
2019-08-07
|
| 1411415
|
|
Initialize Values to undefined by default
|
Core
|
JavaScript Engine
|
kvijayan
|
RESO
|
FIXE
|
2018-08-28
|
| 1318070
|
|
keyword.enabled is half-broken, it's half enabled even when it's set to false
|
Firefox
|
Address Bar
|
kwierso
|
RESO
|
FIXE
|
2017-06-03
|
| 1351278
|
|
Crash on github.com with mingw-w64 compiled Firefox based on ESR 45.8.0
|
Core
|
JavaScript Engine: J
|
lhansen
|
RESO
|
FIXE
|
2017-10-26
|
| 1347262
|
|
Potential Skia overflow due to round_asymmetric_to_int bug
|
Core
|
Graphics
|
lsalzman
|
RESO
|
FIXE
|
2017-09-21
|
| 1441941
|
|
Skia and Firefox: Integer overflow in SkTDArray leading to out-of-bounds write
|
Core
|
Graphics
|
lsalzman
|
RESO
|
FIXE
|
2019-05-24
|
| 1454692
|
|
Backport relevant post-m55 Skia security fixes to ESR52
|
Core
|
Graphics
|
lsalzman
|
RESO
|
FIXE
|
2020-02-16
|
| 1437087
|
|
heap-use-after-free in [@ mozilla::EditorEventListener::UninstallFromEditor]
|
Core
|
DOM: Editor
|
m_kato
|
RESO
|
FIXE
|
2019-05-24
|
| 1348791
|
|
Unable cancel Master Password dialog. And UI deadlock until you enter the correct master password
|
Toolkit
|
Password Manager
|
mail
|
RESO
|
FIXE
|
2017-06-05
|
| 1356812
|
|
Crash in mozilla::places::Database::ForceCrashAndReplaceDatabase
|
Toolkit
|
Places
|
mak
|
RESO
|
FIXE
|
2017-09-04
|
| 1415598
|
|
Crash in nsTHashtable<T>::s_ClearEntry | PLDHashTable::RawRemove | mozilla::places::History::RegisterVisitedCallback
|
Toolkit
|
Places
|
mak
|
RESO
|
FIXE
|
2018-08-28
|
| 1340138
|
|
table use-after-free
|
Core
|
DOM: Core & HTML
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2019-03-13
|
| 1352295
|
|
mozilla::dom::CanvasRenderingContext2D is trivially exploitable
|
Core
|
Graphics: Canvas2D
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2017-10-26
|
| 1425780
|
|
AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/obj-firefox/dist/include/mtransport/sigslot.h:318:13 in ~lock_block
|
Core
|
WebRTC
|
mfroman
|
RESO
|
FIXE
|
2020-02-28
|
| 1418854
|
|
Intermittent SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/netwerk/cache2/CacheFileInputStream.cpp:263:7 in CloseWithStatusLocked
|
Core
|
Networking: Cache
|
michal.novotny
|
RESO
|
FIXE
|
2020-02-28
|
| 1380426
|
|
nsWebRequestListener should be thread safe
|
WebExtensions
|
General
|
mixedpuppy
|
RESO
|
FIXE
|
2018-06-19
|
| 1404297
|
|
Crash in nsIDocument::FlushPendingLinkUpdates
|
Core
|
DOM: Core & HTML
|
mrbkap
|
RESO
|
FIXE
|
2019-03-13
|
| 1348424
|
|
Crash in objc_msgSend | TitlebarDrawCallback
|
Core
|
Widget: Cocoa
|
mstange.moz
|
RESO
|
FIXE
|
2017-10-26
|
| 1241066
|
|
getStats API always returns 1 for mozRTT
|
Core
|
WebRTC
|
na-g
|
RESO
|
FIXE
|
2017-05-05
|
| 1464829
|
|
Possible OOB read from RInstructionResults.
|
Core
|
JavaScript Engine: J
|
nicolas.b.pierron
|
RESO
|
FIXE
|
2019-08-07
|
| 1336510
|
|
lambda analysis for raw pointers misses references to |this|
|
Developer Infrastruc
|
Source Code Analysis
|
nika
|
RESO
|
FIXE
|
2022-08-17
|
| 1350649
|
|
Misleading error "Video can't be played because the file is corrupt." due to Z3C OS bug
|
Firefox for Android
|
Audio/Video
|
nobody
|
RESO
|
FIXE
|
2020-12-21
|
| 1388143
|
|
Language packs can be used to bypass extension restrictions
|
Toolkit
|
Add-ons Manager
|
nobody
|
RESO
|
WONT
|
2018-11-05
|
| 1434086
|
|
ESR version of sanitization patch from bug 1432778/1432966
|
Firefox
|
Security
|
nobody
|
RESO
|
WONT
|
2018-11-05
|
| 1340718
|
|
If a audio device (Citrix) disappears and fails on re-open attempts, output can be hung until restart
|
Core
|
Audio/Video: MediaSt
|
padenot
|
RESO
|
FIXE
|
2017-04-12
|
| 1353476
|
|
Crash in mozilla::camera::CamerasParent::IsShuttingDown
|
Core
|
WebRTC: Audio/Video
|
rjesup
|
RESO
|
FIXE
|
2017-10-26
|
| 1415582
|
|
Cleanup WebRTCGMP decoder initialization to match Encoder side
|
Core
|
WebRTC: Audio/Video
|
rjesup
|
RESO
|
FIXE
|
2018-08-28
|
| 1421963
|
|
Intermittent GECKO(3202) | ==3255==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d000a582b4 at pc 0x7f1472493c22 bp 0x7f14688f2d30 sp 0x7f14688f2d28
|
Core
|
WebRTC: Audio/Video
|
rjesup
|
RESO
|
FIXE
|
2020-02-28
|
| 1346590
|
|
heap-use-after-free [@ GetBoolFlag]
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
| 1416307
|
|
When RefreshURI gets called with a null principal, we end up using the page's referrer as a principal
|
Core
|
DOM: Navigation
|
smaug
|
RESO
|
FIXE
|
2018-08-28
|
| 1418922
|
|
heap-use-after-free in GetSelectionRange
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2024-05-30
|
| 1459693
|
|
heap-use-after-free in nsFocusManager::CheckIfFocusable
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2024-05-30
|
| 1434384
|
|
AddressSanitizer: BUS on unknown address 0x000000000000 [@ __asan::asan_free] with clobbered bp involving StructuredClone
|
Core
|
JavaScript Engine
|
sphink
|
RESO
|
FIXE
|
2021-10-06
|
| 1442722
|
|
Assertion failure: point.canPeek(), at js/src/vm/StructuredClone.cpp:648 or various crashes with invalid free
|
Core
|
JavaScript Engine
|
sphink
|
RESO
|
FIXE
|
2021-10-06
|
| 1375146
|
|
heap-use-after-free in [@ mozilla::dom::TabParent::SendRealDragEvent]
|
Core
|
DOM: Events
|
stone123456
|
RESO
|
FIXE
|
2018-08-28
|
| 1415441
|
|
Crash in mozilla::detail::log_test called from OnMediaSinkVideoComplete()
|
Core
|
Audio/Video: Playbac
|
suro001
|
RESO
|
FIXE
|
2018-08-28
|
| 1446481
|
|
Avoid ElementsObject data being in general allocation pool
|
Core
|
JavaScript Engine
|
tcampbell
|
RESO
|
FIXE
|
2018-11-05
|
| 1424341
|
|
Allow independent and adjustable timer precision
|
Core
|
DOM: Events
|
tom
|
RESO
|
FIXE
|
2022-07-07
|
| 1380896
|
|
gmail is slow or stops responding
|
Core
|
Networking: HTTP
|
u408661
|
RESO
|
FIXE
|
2017-09-20
|
| 1416529
|
|
AddressSanitizer: heap-use-after-free @ mozilla::net::Http2Session::ProcessConnectedPush()
|
Core
|
Networking: HTTP
|
u408661
|
RESO
|
FIXE
|
2020-02-28
|
| 1334465
|
|
[e10s] Crash in IPCError-browser | PHttpChannel::Msg_SetPriority Route error: message sent to unknown actor ID
|
Core
|
Networking
|
valentin.gosu
|
RESO
|
FIXE
|
2018-02-20
|
| 1433609
|
|
IPC: global-buffer-overflow crash [@nsStandardURL::SegmentIs]
|
Core
|
Networking
|
valentin.gosu
|
RESO
|
FIXE
|
2019-05-24
|
| 1456975
|
|
Segfault - buffer overflow / arbitrary memory read in IPC due to unvalidated field in nsMozIconURI deserialization
|
Core
|
Networking
|
valentin.gosu
|
RESO
|
FIXE
|
2021-11-18
|
| 1299500
|
|
Get rid of DeviceStorage API
|
Core
|
DOM: Core & HTML
|
amarchesini
|
RESO
|
FIXE
|
2019-03-13
|
| 1419166
|
|
Cross-origin Shared Worker using data: url
|
Core
|
DOM: Workers
|
amarchesini
|
RESO
|
FIXE
|
2024-05-30
|
| 1451297
|
|
IPC: crash with PImageBridge::Msg_PTextureConstructor [@I422ToARGBRow_Any_AVX2]
|
Core
|
Graphics
|
aosmond
|
RESO
|
FIXE
|
2019-08-07
|
| 1404589
|
|
heap-use-after-free in nsStyleContext::DoGetStyleDisplay
|
Core
|
Layout
|
bugs
|
RESO
|
DUPL
|
2018-11-05
|
| 1400554
|
|
Crash in mozilla::net::nsHttpConnection::EnsureNPNComplete
|
Core
|
Networking: HTTP
|
dd.mozilla
|
RESO
|
FIXE
|
2018-08-28
|
| 1324042
|
|
Heap buffer over read [@nsTextFrame::GetRenderedText]
|
Core
|
Layout: Text and Fon
|
dholbert
|
RESO
|
FIXE
|
2018-08-28
|
| 1400399
|
|
crash near null and potential UAF in [@ PLDHashTable::Add]
|
Core
|
Disability Access AP
|
eitan
|
RESO
|
FIXE
|
2018-09-05
|
| 1329752
|
|
ESR - Configure e10s qualification criteria for ESR52
|
Firefox
|
Extension Compatibil
|
felipc
|
RESO
|
FIXE
|
2017-03-16
|
| 1416878
|
|
heap-use-after-free in nsWebShellWindow::WindowResized
|
Core
|
DOM: Core & HTML
|
freesamael
|
RESO
|
FIXE
|
2024-05-30
|
| 1413868
|
|
proxy bypass on windows via smb
|
Core
|
Networking: File
|
honzab.moz
|
RESO
|
FIXE
|
2019-08-07
|
| 1400763
|
|
heap-buffer-overflow [@ char16_t* nsTextFrameUtils::TransformText<char16_t>] with READ of size 2
|
Core
|
Layout: Text and Fon
|
jfkthame
|
RESO
|
FIXE
|
2018-08-28
|
| 1458264
|
|
ASan use-after-free in angle::LoadToNative3To4
|
Core
|
Graphics
|
jgilbert
|
RESO
|
FIXE
|
2019-08-07
|
| 1452375
|
|
AddressSanitizer: heap-buffer-overflow /builds/worker/workspace/build/src/gfx/2d/ssse3-scaler.c:202:16 in ssse3_fetch_horizontal
|
Core
|
Graphics
|
jmuizelaar
|
RESO
|
FIXE
|
2024-05-30
|
| 1382366
|
|
Crash in mozilla::SystemClockDriver::WaitForNextIteration | mozilla::MediaStreamGraphImpl::UpdateMainThreadState
|
Core
|
Audio/Video: MediaSt
|
karlt
|
RESO
|
FIXE
|
2018-08-28
|
| 1426603
|
|
Crash in mozilla::SystemClockDriver::WaitForNextIteration | mozilla::MediaStreamGraphImpl::UpdateMainThreadState
|
Core
|
Audio/Video: MediaSt
|
karlt
|
RESO
|
FIXE
|
2018-08-28
|
| 1237868
|
|
nsHostObjectProtocolHandler shouldn't be URI_IS_LOCAL_RESOURCE if it includes remote streams
|
Core
|
DOM: Security
|
kate+bugzilla
|
RESO
|
FIXE
|
2017-10-26
|
| 1366140
|
|
[TSF] Needs to grab TSF related objects during calling methods of them
|
Core
|
Widget: Win32
|
masayuki
|
RESO
|
FIXE
|
2017-10-26
|
| 1327965
|
|
[e10s] Firefox doesn't remember focused element in tab (randomly focuses urlbar) when I switch to another tab
|
Core
|
DOM: Content Process
|
nobody
|
RESO
|
WORK
|
2017-08-28
|
| 1369545
|
|
address potentially unsafe snprintf usage in PrepareAcceptLanguages
|
Core
|
Networking
|
nobody
|
RESO
|
DUPL
|
2023-10-19
|
| 1382361
|
|
Crash in nsLayoutUtils::GetCrossDocParentFrame (called from ImageLoader)
|
Core
|
Layout
|
nobody
|
RESO
|
WORK
|
2023-06-25
|
| 1443637
|
|
[Widevine] CDM crashes during playback
|
Core
|
Audio/Video: Playbac
|
nobody
|
RESO
|
DUPL
|
2022-12-09
|
| 1426129
|
|
AddressSanitizer: heap-use-after-free near [@ mozilla::camera::PCamerasChild::SendNumberOfCaptureDevices]
|
Core
|
WebRTC
|
padenot
|
RESO
|
FIXE
|
2020-02-28
|
| 1442804
|
|
Heap write analysis is detecting but not reporting errors
|
Core
|
CSS Parsing and Comp
|
sphink
|
RESO
|
FIXE
|
2019-08-07
|
| 1321384
|
|
Crash in mozilla::a11y::Accessible::SetARIAHidden
|
Core
|
Disability Access AP
|
surkov.alexander
|
RESO
|
FIXE
|
2018-02-01
|
| 1423616
|
|
Determine source of XDR corruption
|
Core
|
JavaScript Engine
|
tcampbell
|
RESO
|
INCO
|
2024-02-10
|
| 1410134
|
|
use-after-destruction in nsCookieService::RemoveCookiesWithOriginAttributes
|
Core
|
Networking: Cookies
|
tihuang
|
RESO
|
FIXE
|
2018-08-28
|
| 1361699
|
|
Page loading long paused when safebrowsing files are downloaded
|
Toolkit
|
Safe Browsing
|
tnguyen
|
RESO
|
FIXE
|
2022-03-02
|
| 1430173
|
|
Set all timers' rounding to 2ms for 52.7
|
Core
|
DOM: Core & HTML
|
tom
|
RESO
|
FIXE
|
2019-03-13
|
| 1402798
|
|
SVG: Invalid memory access at 0x00009fdf8004 in isNothing
|
Core
|
SVG
|
u459114
|
RESO
|
FIXE
|
2024-05-30
|
| 1428947
|
|
OOB Write in CopyPlane within ImageContainer.cpp
|
Core
|
Graphics: Layers
|
u480271
|
RESO
|
FIXE
|
2024-05-30
|
| 1392739
|
|
IPC: wild-addr-read in various messages [@CharAt]
|
Core
|
Networking
|
valentin.gosu
|
RESO
|
FIXE
|
2021-11-18
|
| 1412081
|
|
(CVE-2017-16541) Proxy bypass caused by autofs on Mac, Linux
|
Core
|
Networking: File
|
valentin.gosu
|
RESO
|
FIXE
|
2019-08-07
|
| 1399520
|
|
Intermittent AddressSanitizer: heap-use-after-free modules/libjar/nsJAR.cpp:61:21 in Release
|
Core
|
Networking: JAR
|
xeonchen
|
RESO
|
FIXE
|
2020-02-28
|
| 1412145
|
|
Backpointer in CSSOM objects need to be cleared when they are unlinked
|
Core
|
CSS Parsing and Comp
|
xidorn+moz
|
RESO
|
FIXE
|
2018-08-28
|
| 1257921
|
|
crash in mozilla::MozPromise<T>::ThenValueBase::ResolveOrRejectRunnable::ResolveOrRejectRunnable
|
Core
|
Audio/Video: Playbac
|
alwu
|
RESO
|
WORK
|
2023-06-25
|
| 1373222
|
|
URL.createObjectURL crashes Firefox 54
|
Core
|
DOM: Core & HTML
|
amarchesini
|
RESO
|
FIXE
|
2019-03-13
|
| 1388020
|
|
IPC: heap-buffer-overflow [@raw_fTexImage2D]
|
Core
|
Graphics
|
aosmond
|
RESO
|
FIXE
|
2018-08-28
|
| 1409440
|
|
Crash in sse2::convolve_horizontally
|
Core
|
Graphics
|
aosmond
|
RESO
|
FIXE
|
2019-12-09
|
| 1458270
|
|
ASan use-after-free in GfxInfo::GetFeatureStatus
|
Core
|
Graphics
|
away
|
RESO
|
FIXE
|
2019-08-07
|
| 1315248
|
|
Crash in mozilla::dom::UDPSocketParent::ConnectInternal
|
Core
|
DOM: Core & HTML
|
drno
|
RESO
|
FIXE
|
2019-03-13
|
| 1349310
|
|
Graphite2 lz4::decompress out of bounds write
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2024-05-30
|
| 1350047
|
|
Graphite2: out of bounds read [@ graphite2::Pass::readPass]
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2017-10-26
|
| 1453209
|
|
Hit MOZ_CRASH(Unexpected error with MOZ_GL_DEBUG_ABORT_ON_ERROR) at /home/worker/workspace/build/src/gfx/gl/GLContext.h:769
|
Core
|
Graphics: CanvasWebG
|
jgilbert
|
RESO
|
WONT
|
2018-05-07
|
| 1319164
|
|
Message XP/Vista users running ESR 52.9 to inform them that support/security updates have ended (2018 Q2)
|
Firefox
|
Security
|
jlorenzo
|
RESO
|
FIXE
|
2018-09-07
|
| 1438425
|
|
PDocumentRenderer __delete__() passes a size and a buffer, without length checks
|
Core
|
Graphics
|
jmuizelaar
|
RESO
|
FIXE
|
2019-05-24
|
| 1224396
|
|
Overflow in makeSpace causes potential memory-safety bug
|
Core
|
Graphics
|
lsalzman
|
RESO
|
FIXE
|
2024-05-30
|
| 1368720
|
|
Update Skia to m66 branch
|
Core
|
Graphics
|
lsalzman
|
RESO
|
FIXE
|
2019-07-25
|
| 1400721
|
|
Skia mishandles FreeType 2.8.1 patent-free subpixel rendering
|
Core
|
Graphics: Text
|
lsalzman
|
RESO
|
FIXE
|
2017-12-22
|
| 1342417
|
|
Crash in mozilla::EditorBase::InsertNode
|
Core
|
DOM: Editor
|
m_kato
|
RESO
|
FIXE
|
2017-08-02
|
| 1348955
|
|
Crash in mozilla::storage::...CallbackResultNotifier::Run
|
Toolkit
|
Storage
|
mak
|
RESO
|
FIXE
|
2018-08-28
|
| 1322660
|
|
Crash in woff2 module
|
Core
|
Graphics: Text
|
martin
|
RESO
|
FIXE
|
2017-05-10
|
| 1261175
|
|
crash in nsPresContext::GetRootPresContext or nsPresContext::GetParentPresContext (from nsRefreshDriver::IsWaitingForPaint())
|
Core
|
Layout
|
matt.woodrow
|
RESO
|
FIXE
|
2018-08-28
|
| 1337548
|
|
Twice as many DidComposite messages as vsync messages in the content process
|
Core
|
Graphics
|
matt.woodrow
|
RESO
|
FIXE
|
2017-06-30
|
| 1393367
|
|
Out-of-bound read due to unchecked sizes used for std::vector::resize()
|
Core
|
Graphics
|
mikokm
|
RESO
|
FIXE
|
2018-08-28
|
| 1387799
|
|
AddressSanitizer: heap-use-after-free @ nsTArray_base<...>::Length() | mozilla::layers::CompositorBridgeChild::RecvDidComposite
|
Core
|
Graphics: Layers
|
milaninbugzilla
|
RESO
|
FIXE
|
2020-02-28
|
| 1203273
|
|
Crash in js::TraceManuallyBarrieredGenericPointerEdge after corruption (Mac OS X)
|
Core
|
JavaScript: GC
|
nobody
|
RESO
|
INCO
|
2024-02-10
|
| 1319162
|
|
Message XP/Vista users running ESR 52.8 to inform them when support/security updates will end (2018 Q2)
|
Firefox
|
Security
|
nobody
|
RESO
|
WONT
|
2018-05-07
|
| 1343567
|
|
Multiple spaces overflowing textarea and not line breaking
|
Core
|
Layout: Text and Fon
|
nobody
|
RESO
|
INVA
|
2019-05-08
|
| 1347523
|
|
Crash in js::IsWrapper
|
Core
|
XPConnect
|
nobody
|
RESO
|
INCO
|
2021-10-19
|
| 1369543
|
|
address some potentially unsafe snprintf uses in dom/
|
Core Graveyard
|
Plug-ins
|
nobody
|
RESO
|
WONT
|
2023-12-26
|
| 1404860
|
|
[meta] At least ~33000 crashes/week due to use-after-free
|
Core
|
Memory Allocator
|
nobody
|
RESO
|
WORK
|
2023-06-25
|
| 1452416
|
|
Crash in [@ mozilla::CycleCollectedJSContext::ProcessMetastableStateQueue ] fixed in FF55/56. Uplift Requested to ESR.
|
Core
|
Audio/Video: MediaSt
|
rjesup
|
RESO
|
FIXE
|
2018-05-08
|
| 1401804
|
|
Intermittent application crashed [@ js::ProxyObject::setPrivate(JS::Value const&)] (Assertion failure: !JS::GCThingIsMarkedGray(JS::GCCellPtr(priv)), at js/src/vm/ProxyObject.cpp:131)
|
Core
|
JavaScript: GC
|
jcoppeard
|
RESO
|
FIXE
|
2018-08-28
|
| 1292803
|
|
Intermittent dom/media/mediasource/test/test_WaitingToEndedTransition_mp4.html | application terminated with exit code -139
|
Core
|
Audio/Video: Playbac
|
kinetik
|
RESO
|
FIXE
|
2017-09-03
|
| 1351942
|
|
list-style-image applied to context-openlinkintab appears black if not styled with !important
|
Firefox
|
Extension Compatibil
|
nobody
|
RESO
|
WONT
|
2022-06-01
|
| 1321814
|
|
Maintenance Service Updater Callback Parameter File Deletion Elevation of Privilege
|
Toolkit
|
Application Update
|
agashlin+bz
|
RESO
|
FIXE
|
2024-05-30
|
| 1412313
|
|
ParamTraits<nsAString> Deserialization - Integer Overflow
|
Core
|
IPC
|
alex.gaynor
|
RESO
|
FIXE
|
2022-01-04
|
| 1456189
|
|
AddressSanitizer: bad-free deserializing JSStructuredCloneData
|
Core
|
IPC
|
alex.gaynor
|
RESO
|
FIXE
|
2021-11-18
|
| 1344415
|
|
Privilege escalation/Sandbox escape using PFileSystemRequestConstructor
|
Core
|
Security: Process Sa
|
amarchesini
|
RESO
|
FIXE
|
2021-10-20
|
| 1349266
|
|
AddressSanitizer: heap-buffer-overflow [@ GetParent] with READ of size 8
|
Core
|
DOM: Workers
|
amarchesini
|
RESO
|
FIXE
|
2020-02-28
|
| 1349276
|
|
Paths received by FileSystemRequestParent need to be sanitized before passed to IsDescendantPath
|
Core
|
Security: Process Sa
|
amarchesini
|
RESO
|
FIXE
|
2017-10-26
|
| 1354308
|
|
Crash in IPCError-browser | This path is not allowed.
|
Core
|
Security: Process Sa
|
amarchesini
|
RESO
|
FIXE
|
2017-05-11
|
| 1366595
|
|
Stack-use-after-scope in NS_strlen while logging errors in XHR
|
Core
|
DOM: Core & HTML
|
amarchesini
|
RESO
|
FIXE
|
2024-05-30
|
| 1369913
|
|
Possible use after free caused by WebSocket::Send()
|
Core
|
DOM: Core & HTML
|
amarchesini
|
RESO
|
FIXE
|
2024-05-30
|
| 1371889
|
|
Heap-use-after-free in mozilla::dom::(anonymous namespace)::ConsumeBodyDoneObserver<mozilla::dom::Request>::OnStreamComplete
|
Core
|
DOM: Workers
|
amarchesini
|
RESO
|
FIXE
|
2024-05-30
|
| 1374047
|
|
WebSocket - Use After Free in WebSocketImpl::DisconnectInternal()
|
Core
|
DOM: Core & HTML
|
amarchesini
|
RESO
|
FIXE
|
2024-05-30
|
| 1459206
|
|
Arbitrary file listing (content disclosure?) by compromised content process
|
Core
|
DOM: Content Process
|
amarchesini
|
RESO
|
FIXE
|
2021-12-03
|
| 1343513
|
|
Integer overflow when validating length argument in TypedArray constructor
|
Core
|
JavaScript Engine
|
andrebargull
|
RESO
|
FIXE
|
2017-11-03
|
| 1357462
|
|
Assertion failure: !denseElementsAreFrozen(), at /home/andre/git/mozilla-central/js/src/vm/NativeObject.h:1055
|
Core
|
JavaScript Engine
|
andrebargull
|
RESO
|
FIXE
|
2017-10-26
|
| 1459285
|
|
Update to tzdata2018e
|
Core
|
JavaScript: Internat
|
andrebargull
|
RESO
|
FIXE
|
2018-07-09
|
| 1345960
|
|
TOK_COMMA should be excluded from possible async method definition
|
Core
|
JavaScript Engine
|
arai.unmht
|
RESO
|
FIXE
|
2017-03-20
|
| 1342854
|
|
https://foofighters.com is especially slow in Firefox, compared to Chrome
|
Core
|
DOM: Core & HTML
|
ben
|
RESO
|
FIXE
|
2019-03-13
|
| 1440775
|
|
fetch() force-cache mode allows reading responses with cache-control:no-store and pragma:no-cache
|
Core
|
DOM: Core & HTML
|
ben
|
RESO
|
FIXE
|
2019-03-13
|
| 1297111
|
|
Invalid array access in nsExpirationTracker::RemoveObject()
|
Core
|
Graphics: ImageLib
|
bevistseng
|
RESO
|
FIXE
|
2017-10-26
|
| 1356558
|
|
heap-use-after-free in nsViewManager::IsPainting
|
Core
|
Layout
|
bevistseng
|
RESO
|
FIXE
|
2024-05-30
|
| 1375404
|
|
Assertion failure: def->type() == definiteType, at js/src/jit/IonBuilder.cpp:7169
|
Core
|
JavaScript Engine
|
bhackett1024
|
RESO
|
FIXE
|
2017-07-19
|
| 1353204
|
|
ContentPrincipal::GenerateOriginNoSuffixFromURI should not return the hostport in the ORIGIN_IS_FULL_SPEC case
|
Core
|
Security
|
bholley
|
RESO
|
FIXE
|
2017-10-26
|
| 1347164
|
|
Regression - Ringmark failure - hsla() color serializing as rgb() rather than rgba()
|
Core
|
CSS Parsing and Comp
|
bignose1007+bugzilla
|
RESO
|
FIXE
|
2017-04-07
|
| 1334097
|
|
Crash in OOM | unknown | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | mozilla::ipc::MessageChannel::MaybeUndeferIncall
|
Core
|
IPC
|
bill.mccloskey
|
RESO
|
FIXE
|
2017-05-18
|
| 1369386
|
|
Better fix for invalid small page size printer preferences.
|
Core
|
Printing: Output
|
bobowencode
|
RESO
|
FIXE
|
2017-07-06
|
| 1365333
|
|
Firefox is very slow on Live Nation ticket finder, with APZ enabled
|
Core
|
Panning and Zooming
|
botond
|
RESO
|
FIXE
|
2022-03-02
|
| 1339591
|
|
Possible UAFs with AutoRestore in SMIL code
|
Core
|
Layout
|
brian
|
RESO
|
FIXE
|
2018-08-29
|
| 1347168
|
|
heap-use-after-free in nsSMILCompositor::GetFirstFuncToAffectSandwich
|
Core
|
SVG
|
brian
|
RESO
|
FIXE
|
2024-05-30
|
| 1410106
|
|
fingerprinting users in private window using web-worker + indexedDB
|
Firefox
|
Private Browsing
|
bugmail
|
RESO
|
FIXE
|
2024-05-30
|
| 1342823
|
|
Crash in RefPtr<T>::RefPtr<T> | TakeFrameRequestCallbacksFrom
|
Core
|
DOM: Animation
|
bzbarsky
|
RESO
|
FIXE
|
2017-10-26
|
| 1352926
|
|
AddressSanitizer: heap-buffer-overflow on address in nsContentSink::ProcessLinkHeader(nsAString const&)
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
RESO
|
FIXE
|
2020-02-28
|
| 1359859
|
|
XBL executes fields/constructors/destructors against the wrong global
|
Core
|
XBL
|
bzbarsky
|
RESO
|
FIXE
|
2017-10-26
|
| 1371424
|
|
Crash in mozilla::dom::RsaHashedKeyAlgorithm::ToObjectInternal on GC poison value
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
RESO
|
FIXE
|
2019-03-13
|
| 1371853
|
|
Possible native rooting issue in XPCConvert::JSObject2NativeInterface()
|
Core
|
XPConnect
|
bzbarsky
|
RESO
|
FIXE
|
2018-02-01
|
| 1371865
|
|
PRE_HELPER_STUB calls method on native without rooting the reflector
|
Core
|
XPConnect
|
bzbarsky
|
RESO
|
FIXE
|
2018-02-01
|
| 1444231
|
|
FragmentOrElement should not QI to Element
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
RESO
|
FIXE
|
2019-03-13
|
| 1467870
|
|
Sort out what should happen with Xray expandos when a node is adopted into the Xray compartment
|
Core
|
XPConnect
|
bzbarsky
|
RESO
|
FIXE
|
2019-08-07
|
| 1356601
|
|
Crash with ::first-line, CSS variables and CSS animations
|
Core
|
CSS Parsing and Comp
|
cam
|
RESO
|
FIXE
|
2017-05-18
|
| 1362924
|
|
Fix potential reentry into DocumentViewer from call sites which includes nsAutoScriptBlocker.
|
Core
|
Layout
|
cam
|
RESO
|
FIXE
|
2020-06-16
|
| 1437158
|
|
Remove proxxy support from mozharness
|
Release Engineering
|
Applications: Mozhar
|
catlee
|
RESO
|
FIXE
|
2018-02-28
|
| 1349340
|
|
Probable write beyond bounds in GetSurfaceDataImpl()
|
Core
|
DOM: Copy & Paste an
|
cervantes.yu
|
RESO
|
FIXE
|
2024-05-30
|
| 1352556
|
|
Possible integer overflow in usage of MFGetAttributeSize results
|
Core
|
Audio/Video: GMP
|
chris
|
RESO
|
FIXE
|
2017-10-26
|
| 1353975
|
|
UXSS: Origin confusion when reloading isolated data:text/html URL
|
Core
|
DOM: Navigation
|
ckerschb
|
RESO
|
FIXE
|
2024-05-30
|
| 1344467
|
|
Uninitialized value in nsDirIndexParser::ParseFormat
|
Core
|
Networking
|
daniel
|
RESO
|
FIXE
|
2024-05-30
|
| 1359639
|
|
heap-buffer-overflow READ size 4 in [@ nsDirIndexParser::ParseData]
|
Core
|
Networking
|
daniel
|
RESO
|
FIXE
|
2017-10-26
|
| 1340127
|
|
SEGV in ClearBidiControls
|
Core
|
Layout: Text and Fon
|
dbaron
|
RESO
|
FIXE
|
2024-05-30
|
| 1348894
|
|
fix integer overflow in RecyclingPlanarYCbCrImage::CopyData
|
Core
|
Graphics
|
dbaron
|
RESO
|
FIXE
|
2017-10-26
|
| 1338876
|
|
Out of bound access in nsHttpDigestAuth::ParseChallenge
|
Core
|
Networking
|
dd.mozilla
|
RESO
|
FIXE
|
2017-10-26
|
| 1364189
|
|
Make sure not to retry socketTransaction if nsHttpConnectionMgr cancels it
|
Core
|
Networking: HTTP
|
dd.mozilla
|
RESO
|
FIXE
|
2017-07-06
|
| 1339566
|
|
Use-after-free in nsDocShell::CreateAboutBlankViewer
|
Core
|
Layout
|
dholbert
|
RESO
|
FIXE
|
2017-10-26
|
| 1345873
|
|
flex items aren't sorted according to "order", if they're separated by an abspos sibling
|
Core
|
Layout
|
dholbert
|
RESO
|
FIXE
|
2017-04-10
|
| 1429768
|
|
Intermittent AddressSanitizer: heap-use-after-free /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:458:3 in memcpy
|
Core
|
WebRTC
|
docfaraday
|
RESO
|
FIXE
|
2020-02-28
|
| 1464079
|
|
AddressSanitizer: heap-use-after-free [@ ~lock_block] with READ of size 8
|
Core
|
WebRTC
|
docfaraday
|
RESO
|
FIXE
|
2020-02-28
|
| 1356292
|
|
Installing add-ons from non-whitelisted sites no longer gives the option to allow the install if the addon load is redirected
|
Toolkit
|
Add-ons Manager
|
dtownsend
|
RESO
|
FIXE
|
2017-08-28
|
| 1348168
|
|
integer overflow in createImageBitmap() overload accepting ArrayBuffer and ArrayBufferView arguments (pwn2own 2017)
|
Core
|
Graphics
|
ehsan.akhgari
|
RESO
|
FIXE
|
2018-01-08
|
| 1385667
|
|
Firefox fails to build with recent GLIBC: error: field 'context' has incomplete type 'google_breakpad::ucontext'
|
Toolkit
|
Crash Reporting
|
emilio
|
RESO
|
FIXE
|
2018-01-23
|
| 1428589
|
|
UAF in nsCookieService (uncovered by the patch for bug 1361815).
|
Core
|
Networking: Cookies
|
emilio
|
RESO
|
FIXE
|
2019-05-24
|
| 1347748
|
|
Overflow and latent write beyond bounds in DataTransfer::GetTransferable()
|
Core
|
DOM: Copy & Paste an
|
enndeakin
|
RESO
|
FIXE
|
2024-05-30
|
| 1344081
|
|
Write beyond bounds caused by nsHttpNegotiateAuth::GenerateCredentials()
|
Core
|
Networking: HTTP
|
ericrahm+bz
|
RESO
|
FIXE
|
2024-05-30
|
| 1344305
|
|
Write beyond bounds caused by nsHttpNTLMAuth::GenerateCredentials()
|
Core
|
Networking: HTTP
|
ericrahm+bz
|
RESO
|
FIXE
|
2024-05-30
|
| 1349719
|
|
Probable write beyond bounds due to nsTSubstring_CharT::Adopt()
|
Core
|
XPCOM
|
ericrahm+bz
|
RESO
|
FIXE
|
2024-05-30
|
| 1356025
|
|
Possible write beyond bounds due to passing a large buffer to nsTSubstring_CharT::nsTSubstring_CharT()
|
Core
|
XPCOM
|
ericrahm+bz
|
RESO
|
FIXE
|
2017-10-26
|
| 1452202
|
|
Undefined behavior in PLDHashTable::operator=()
|
Core
|
XPCOM
|
ericrahm+bz
|
RESO
|
FIXE
|
2024-05-30
|
| 1346720
|
|
Content process can modify preferences it shouldn't due to input validation weaknesses
|
Core
|
Audio/Video: Playbac
|
fbraun
|
RESO
|
FIXE
|
2017-10-26
|
| 1344380
|
|
Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c
|
NSS
|
Libraries
|
franziskuskiefer
|
RESO
|
FIXE
|
2024-05-30
|
| 1345089
|
|
DRBG addition is broken
|
NSS
|
Libraries
|
franziskuskiefer
|
RESO
|
FIXE
|
2017-10-26
|
| 1339722
|
|
Crash in nsGlobalWindow::DispatchDOMWindowCreated
|
Core
|
DOM: Core & HTML
|
freesamael
|
RESO
|
FIXE
|
2019-03-13
|
| 1348454
|
|
KeyPair Sign threads are leaked on every use of the feature
|
Core Graveyard
|
Identity
|
froydnj+bz
|
RESO
|
FIXE
|
2019-02-25
|
| 1365875
|
|
Firefox allows you to insert confirm/alert/prompt dialog in any domain
|
Toolkit Graveyard
|
Notifications and Al
|
gijskruitbosch+bugs
|
RESO
|
FIXE
|
2024-05-30
|
| 1443865
|
|
OOB write in libvpx 1.6.1
|
Core
|
WebRTC: Audio/Video
|
giles
|
RESO
|
FIXE
|
2019-05-24
|
| 1465898
|
|
Heap-buffer-underflow READ 8 from HalParent::RecvEnableSwitchNotifications
|
Core
|
Hardware Abstraction
|
gsvelto
|
RESO
|
FIXE
|
2021-11-18
|
| 1373363
|
|
After updating Firefox ESR 52 32-bit to ESR 52.2.0 32-bit, printing web pages doesn't print text
|
Core
|
Printing: Output
|
gw
|
RESO
|
FIXE
|
2017-07-12
|
| 1309438
|
|
After entering an invalid password on an NTLM authenticated site, the correct password is rejected subsequently
|
Core
|
Networking: HTTP
|
honzab.moz
|
RESO
|
FIXE
|
2017-03-31
|
| 1321612
|
|
nsMultiMixedConv::OnDataAvailable may read beyond a buffer when content is received byte-by-byte
|
Core
|
Networking
|
honzab.moz
|
RESO
|
FIXE
|
2017-10-26
|
| 1376459
|
|
AppCache issues (served on subpath allowed to set FALLBACK for whole origin, allowed to set on svg/xml)
|
Core
|
Networking: Cache
|
honzab.moz
|
RESO
|
FIXE
|
2018-02-01
|
| 1334290
|
|
Truncation in nsScanner
|
Core
|
XML
|
hsivonen
|
RESO
|
FIXE
|
2024-05-30
|
| 1336836
|
|
NULL deref at nsNCRFallbackEncoderWrapper::Encode during XPCOM shutdown after XSLT processing
|
Core
|
Internationalization
|
hsivonen
|
RESO
|
FIXE
|
2024-05-30
|
| 1440926
|
|
Overflow in nsUnicodeToBIG5::GetMaxLength can create memory-safety bugs in callers
|
Core
|
Internationalization
|
hsivonen
|
RESO
|
FIXE
|
2024-05-30
|
| 1443891
|
|
Integer overflow in nsScriptableUnicodeConverter::ConvertFromByteArray can cause a heap buffer overflow
|
Core
|
Internationalization
|
hsivonen
|
RESO
|
FIXE
|
2024-05-30
|
| 1394654
|
|
remove OS X opengl workaround from Mozilla bug 603134
|
Core
|
Widget: Cocoa
|
jaas
|
RESO
|
FIXE
|
2018-01-11
|
| 1333720
|
|
Unknown/Unsupported widget type 13/17 with firefox-52.0b1 compiled with --enable-default-toolkit=cairo-gtk2
|
Core
|
Widget: Gtk
|
james-p
|
RESO
|
FIXE
|
2018-10-17
|
| 1336467
|
|
CC weakmap fixup blackens weakmap keys with black delegates even when the map is gray
|
Core
|
JavaScript: GC
|
jcoppeard
|
RESO
|
FIXE
|
2017-10-26
|
| 1340482
|
|
Shape field not traced for non-native shaped objects
|
Core
|
JavaScript: GC
|
jcoppeard
|
RESO
|
FIXE
|
2017-10-26
|
| 1341096
|
|
JS::IsIncrementalBarrierNeeded returns false during incremental sweeping
|
Core
|
JavaScript: GC
|
jcoppeard
|
RESO
|
FIXE
|
2017-10-26
|
| 1344686
|
|
Gray marking checks fail for Windows 7 devtools tests
|
Core
|
JavaScript: GC
|
jcoppeard
|
RESO
|
FIXE
|
2017-10-26
|
| 1358073
|
|
Crash in js::TenuringTracer::traverse<T>
|
Core
|
JavaScript: GC
|
jcoppeard
|
RESO
|
FIXE
|
2018-02-28
|
| 1363229
|
|
Crash [@ js::gc::IsInsideNursery] with nukeCCW
|
Core
|
JavaScript Engine
|
jcoppeard
|
RESO
|
DUPL
|
2018-04-03
|
| 1465108
|
|
Uplift some compacting GC changes which landed in bug 1457703
|
Core
|
JavaScript: GC
|
jcoppeard
|
RESO
|
FIXE
|
2019-08-07
|
| 1368105
|
|
Assertion failure: offset < base()->length(), at js/src/vm/String.h:735 with dumpStringRepresentation
|
Core
|
JavaScript Engine
|
jdemooij
|
RESO
|
FIXE
|
2018-02-01
|
| 1368362
|
|
Assertion failure: MIR instruction returned object with unexpected type, at js/src/jit/MacroAssembler.cpp:1695 with wasm
|
Core
|
JavaScript Engine
|
jdemooij
|
RESO
|
FIXE
|
2018-02-01
|
| 1371283
|
|
Crash [@ ??] with OOM
|
Core
|
JavaScript Engine
|
jdemooij
|
RESO
|
FIXE
|
2018-02-01
|
| 1352745
|
|
Graphite2 heap-buffer-overflow write [@ lz4::decompress]
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2017-10-26
|
| 1352747
|
|
Graphite2 heap-buffer-overflow write [@ lz4::decompress] src/Decompressor.cpp:90
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2017-10-26
|
| 1355174
|
|
Graphite2: out of bounds read [@ graphite2::Silf::readGraphite]
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2017-10-26
|
| 1355182
|
|
Graphite2: Assertion 'size() > n' failed [@ graphite2::FeatureRef::applyValToFeature]
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2017-10-26
|
| 1356607
|
|
Graphite2: heap-buffer-overflow read [@ graphite2::Silf::getClassGlyph]
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2017-10-26
|
| 1358551
|
|
Graphite2: use of uninitialized memory [@ graphite2::GlyphCache::Loader::read_glyph]
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2017-10-26
|
| 1390550
|
|
Buffer Overflow in Hyphen
|
Core
|
Layout: Text and Fon
|
jfkthame
|
RESO
|
FIXE
|
2018-02-01
|
| 1390980
|
|
Domain spoofing thanks to U+0F8C rendered as 'space' on Mac OS 10.11
|
Firefox
|
Address Bar
|
jfkthame
|
RESO
|
FIXE
|
2024-05-30
|
| 1328762
|
|
Invalid read @ libGLESv2.dll!rx::Image11::disassociateStorage() | Assertion failure: !err
|
Core
|
Graphics: CanvasWebG
|
jgilbert
|
RESO
|
FIXE
|
2017-11-02
|
| 1348660
|
|
Implement a method to retrieve usage data for all origins at once
|
Core
|
Storage: Quota Manag
|
jvarga
|
RESO
|
FIXE
|
2018-09-12
|
| 1350564
|
|
Crash in mozilla::dom::quota::UsageRequest::GetResult
|
Core
|
Storage: Quota Manag
|
jvarga
|
RESO
|
FIXE
|
2017-10-30
|
| 1356824
|
|
AddressSanitizer: heap-use-after-free WRITE of size 4 dom/indexedDB/ActorsParent.cpp:21164:10
|
Core
|
Storage: IndexedDB
|
jvarga
|
RESO
|
FIXE
|
2024-05-30
|
| 1342913
|
|
When stream ID change during internal seeking, waiting promise will never be resolved.
|
Core
|
Audio/Video: Playbac
|
jya-moz
|
RESO
|
FIXE
|
2017-07-12
|
| 1351349
|
|
Crash in igd10iumd32.dll | CContext::EmptyOutAllDDIBindPoints
|
Core
|
Graphics
|
kev155266
|
RESO
|
FIXE
|
2017-08-02
|
| 1371689
|
|
Update convolver.cpp and related imported Chromium Source Code
|
Core
|
Graphics
|
lsalzman
|
RESO
|
FIXE
|
2018-02-01
|
| 1462682
|
|
Firefox/Skia: Heap overflow in SkScan::FillPath due to precision error
|
Core
|
Graphics
|
lsalzman
|
RESO
|
FIXE
|
2019-05-24
|
| 1372063
|
|
Crash in OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xrealloc | nsTArray_base<T>::EnsureCapacity<T> | nsTArray_Impl<T>::AppendElements<T> | nsDataObj::CStream::OnDataAvailable
|
Core
|
Widget: Win32
|
m_kato
|
RESO
|
FIXE
|
2017-08-01
|
| 1380292
|
|
heap-use-after-free in ~nsStyleContext, nsFrameManager::CaptureFrameState etc
|
Core
|
DOM: Editor
|
m_kato
|
RESO
|
FIXE
|
2024-05-30
|
| 1380824
|
|
Assertion failure: uint32_t(startOffset) <= startParent->Length() && uint32_t(endOffset) <= endParent->Length() [@nsContentSubtreeIterator::Init]
|
Core
|
DOM: Core & HTML
|
m_kato
|
RESO
|
FIXE
|
2019-03-13
|
| 1342440
|
|
wasm: keep wasm disabled in esr52
|
Core
|
JavaScript Engine
|
mail
|
RESO
|
FIXE
|
2017-02-24
|
| 1357366
|
|
Avoid a possible crash loop in Places Database corruption handling
|
Toolkit
|
Places
|
mak
|
RESO
|
FIXE
|
2017-08-28
|
| 1342552
|
|
Crash in nsViewManager::GetRootWidget
|
Core
|
DOM: Events
|
masayuki
|
RESO
|
FIXE
|
2017-10-26
|
| 1367692
|
|
Crash in CTipFnHotkeyManager::InitContextHotkeys (ja, win10 creators update)
|
Core
|
Widget: Win32
|
masayuki
|
RESO
|
FIXE
|
2017-10-26
|
| 1368318
|
|
Crash in IsWindowColorDark
|
Core
|
Widget: Win32
|
masayuki
|
RESO
|
FIXE
|
2017-09-04
|
| 1343606
|
|
Crash near null [@ nsSplittableFrame::GetNextInFlow]
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2019-05-07
|
| 1343795
|
|
heap-use-after-free in mozilla::dom::Selection::ScrollIntoView
|
Core
|
DOM: Selection
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2024-05-30
|
| 1347979
|
|
heap-use-after-free in GetRequiredInnerTextLineBreakCount
|
Core
|
DOM: Core & HTML
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2024-05-30
|
| 1352093
|
|
Use-after-free due to ref counter overflow in CanvasRenderingContext2D
|
Core
|
Graphics: Canvas2D
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2017-10-26
|
| 1355873
|
|
Improve the error handling and cleanup our canvas2d code
|
Core
|
Graphics: Canvas2D
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2017-05-03
|
| 1336699
|
|
Uninitialized value in nsFtpState::R_pasv
|
Core Graveyard
|
Networking: FTP
|
mcmanus
|
RESO
|
FIXE
|
2024-02-08
|
| 1348409
|
|
Assertion failure: XRE_IsParentProcess() with window.find
|
Core
|
DOM: Core & HTML
|
mconley
|
RESO
|
FIXE
|
2019-03-13
|
| 1424373
|
|
Tab crash reporter is activating auto-submission of crash reports anytime a tab crashes with no crash report
|
Firefox
|
General
|
mconley
|
RESO
|
FIXE
|
2018-02-17
|
| 1342360
|
|
Crash in mozilla::net::WyciwygChannelParent::ActorDestroy
|
Core
|
Networking
|
michal.novotny
|
RESO
|
FIXE
|
2017-04-07
|
| 1342366
|
|
Crash in nsWyciwygChannel::GetCharsetAndSource
|
Core
|
Networking
|
michal.novotny
|
RESO
|
FIXE
|
2017-05-05
|
| 1329796
|
|
Crash in mozilla::dom::CanvasRenderingContext2D::StrokeRect
|
Core
|
Graphics: Canvas2D
|
milaninbugzilla
|
RESO
|
FIXE
|
2017-10-26
|
| 1320273
|
|
DLL Hijacking - Firefox installer on Windows 7
|
Firefox
|
Installer
|
molly
|
RESO
|
DUPL
|
2024-05-30
|
| 1375472
|
|
Install timeout regression as a consequence of DLL delay loading from bug 1361326
|
Firefox
|
Installer
|
molly
|
RESO
|
FIXE
|
2017-07-24
|
| 1349595
|
|
Possible integer overflow in allocation size in GMPVideoi420FrameImpl::CreateEmptyFrame?
|
Core
|
Audio/Video: GMP
|
mozbugz
|
RESO
|
FIXE
|
2018-06-04
|
| 1428880
|
|
Switch ESR to use Google as default
|
Firefox
|
Search
|
mozilla
|
RESO
|
FIXE
|
2018-01-16
|
| 1377618
|
|
Potential UAF in TLS 1.2 server when verifying client authentication
|
NSS
|
Libraries
|
mt
|
RESO
|
FIXE
|
2018-02-01
|
| 1440717
|
|
AddressSanitizer: heap-use-after-free [@ mozilla::gl::GLContext::MakeCurrent] with READ of size 8
|
Core
|
Graphics: Layers
|
nical.bugzilla
|
RESO
|
FIXE
|
2020-02-28
|
| 1464039
|
|
Heap-buffer-overflow READ 4 · qcms_transform_module_clut_only
|
Core
|
Graphics: Color Mana
|
nical.bugzilla
|
RESO
|
FIXE
|
2019-08-22
|
| 1348143
|
|
Use of uninitialized objects / use after free causes memory corruption via DataTransfer::FillInExternalCustomTypes()
|
Core
|
DOM: Copy & Paste an
|
nika
|
RESO
|
FIXE
|
2024-05-30
|
| 1315153
|
|
Message XP/Vista users to inform them that v52 will be the last major version they receive (2017 Q1)
|
Firefox
|
Security
|
nobody
|
RESO
|
FIXE
|
2017-06-28
|
| 1318645
|
|
Crash in mozilla::a11y::Accessible::Elm
|
Core
|
Disability Access AP
|
nobody
|
RESO
|
FIXE
|
2017-10-26
|
| 1324804
|
|
[Non-e10s] Select not working when confirmation geolocation popup is open
|
Toolkit Graveyard
|
Notifications and Al
|
nobody
|
RESO
|
FIXE
|
2023-07-06
|
| 1345456
|
|
Favicon fails to display for majority of tabs upon restart.
|
Firefox
|
Tabbed Browser
|
nobody
|
RESO
|
FIXE
|
2021-05-28
|
| 1345836
|
|
Crash in __crt_stdio_input::input_processor<T>::process_string_specifier_tchar<T>
|
Toolkit
|
Startup and Profile
|
nobody
|
RESO
|
WONT
|
2017-09-05
|
| 1346414
|
|
Demonstrate new OSX update process works with new Mac code signing keypair.
|
Toolkit
|
Application Update
|
nobody
|
RESO
|
FIXE
|
2017-08-29
|
| 1348644
|
|
Copied part of URL suggestions in awesomebar that contain both '?' and '&' is just symbols (U+E5E5)
|
Firefox
|
Address Bar
|
nobody
|
RESO
|
DUPL
|
2020-08-08
|
| 1369396
|
|
Release 52.1.2 (32-bit) is unstable and crashing.
|
Firefox
|
Untriaged
|
nobody
|
RESO
|
WORK
|
2017-08-28
|
| 1379885
|
|
heap-use-after-free in NeedToDrawShadow
|
Core
|
Graphics: Canvas2D
|
nobody
|
RESO
|
WORK
|
2024-05-30
|
| 1406040
|
|
Minor update of ESR breaks addons and changes things
|
Firefox
|
Extension Compatibil
|
nobody
|
RESO
|
WONT
|
2017-11-01
|
| 1424684
|
|
Slugish response from UI during general usage
|
Firefox
|
General
|
nobody
|
RESO
|
WONT
|
2018-03-09
|
| 1427191
|
|
Update tests failing for Win7 for 57.0.3
|
Firefox
|
General
|
nobody
|
RESO
|
WORK
|
2018-02-08
|
| 1449928
|
|
Backport CVE-2017-15422 to ESR52
|
Core
|
JavaScript: Internat
|
nobody
|
RESO
|
WONT
|
2020-06-29
|
| 1451260
|
|
Firefox fails to launch with the latest Kaspersky (G) patch
|
External Software Af
|
Other
|
nobody
|
RESO
|
FIXE
|
2020-06-17
|
| 1463741
|
|
ESR 52.8 crashes on mobile
|
Core
|
JavaScript Engine
|
nobody
|
RESO
|
WONT
|
2018-07-05
|
| 1273265
|
|
Firefox Mark of the Web bypass (MSVR 1533)
|
Firefox
|
File Handling
|
paolo.mozmail
|
RESO
|
FIXE
|
2017-11-01
|
| 1361892
|
|
Null READ in txParamArrayHolder::~txParamArrayHolder()
|
Core
|
XSLT
|
peterv
|
RESO
|
FIXE
|
2017-05-26
|
| 1357593
|
|
spidermonkey tests fail on other 64-bit architectures
|
Core
|
JavaScript Engine
|
philip.chimento
|
RESO
|
FIXE
|
2017-10-13
|
| 1404787
|
|
Change some symbols to public in SpiderMonkey shared library
|
Core
|
JavaScript Engine
|
philip.chimento
|
RESO
|
FIXE
|
2017-11-02
|
| 1340263
|
|
Simplify bouncer SHA1 logic to serve only ESR52 based installers
|
Webtools
|
Bouncer
|
rail
|
RESO
|
FIXE
|
2017-08-28
|
| 1336964
|
|
Arbitrary file "deletion" as SYSTEM with maintenance service
|
Toolkit
|
Application Update
|
robert.strong.bugs
|
RESO
|
FIXE
|
2024-05-30
|
| 1336979
|
|
32 byte arbitrary file reads as SYSTEM with maintenance service
|
Toolkit
|
Application Update
|
robert.strong.bugs
|
RESO
|
FIXE
|
2024-05-30
|
| 1342742
|
|
Arbitrary code execution as SYSTEM using Updater to overwrite updater.ini
|
Toolkit
|
Application Update
|
robert.strong.bugs
|
RESO
|
FIXE
|
2024-05-30
|
| 1348645
|
|
Maintenance Service updater PatchFile file manipulation
|
Toolkit
|
Application Update
|
robert.strong.bugs
|
RESO
|
FIXE
|
2024-05-30
|
| 1358336
|
|
Updater reports that 52.0.2 must be installed even though running 53.0
|
Toolkit
|
Application Update
|
robert.strong.bugs
|
RESO
|
FIXE
|
2017-05-04
|
| 1339612
|
|
Update libogg to 1.3.2
|
Core
|
Audio/Video
|
ryanvm
|
RESO
|
FIXE
|
2017-11-08
|
| 1343453
|
|
3 public security flaws in libevent, which may affect mozilla products
|
Core
|
IPC
|
ryanvm
|
RESO
|
FIXE
|
2017-10-26
|
| 1398021
|
|
Update lz4 to 1.8.0
|
Core
|
MFBT
|
ryanvm
|
RESO
|
FIXE
|
2019-10-28
|
| 1453653
|
|
Cherry-pick an upstream FreeType integer overflow fix
|
Core
|
Graphics: Text
|
ryanvm
|
RESO
|
FIXE
|
2018-08-28
|
| 1342101
|
|
Crash [@ js::IsDerivedProxyObject] or Assertion failure: CurrentThreadCanAccessZone(zone), at gc/Heap.h:1262
|
Core
|
JavaScript Engine
|
shu
|
RESO
|
FIXE
|
2017-10-26
|
| 1364513
|
|
Potential Integer overflow in dom/canvas/ImageBitmap.cpp with use of uninitialized memory
|
Core
|
Graphics: Canvas2D
|
smaug
|
RESO
|
FIXE
|
2018-02-01
|
| 1371657
|
|
Heap use-after-free in @[nsFrameSelection::cycleCollection::TraverseNative(void*, nsCycleCollectionTraversalCallback&) /home/worker/workspace/build/src/layout/generic/nsSelection.cpp:613]
|
Core
|
DOM: Editor
|
smaug
|
RESO
|
FIXE
|
2018-02-01
|
| 1380284
|
|
heap-use-after-free in mozilla::a11y::DocAccessible::RelocateARIAOwnedIfNeeded
|
Core
|
DOM: Editor
|
smaug
|
RESO
|
FIXE
|
2024-05-30
|
| 1397811
|
|
heap-use-after-free in [@ nsINode::DeleteProperty]
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
| 1434580
|
|
Testcase for bug 1423159 fails in different place on esr52
|
Core
|
DOM: Events
|
smaug
|
RESO
|
FIXE
|
2019-05-24
|
| 1363280
|
|
Intermittent damp | application crashed [@ mozilla::layers::AutoLayerTransactionParentAsyncMessageSender::AutoLayerTransactionParentAsyncMessageSender(mozilla::layers::LayerTransactionParent *,nsTArray<mozilla::layers::OpDestroy> const *)]
|
Core
|
Graphics: Layers
|
sotaro.ikeda.g
|
RESO
|
FIXE
|
2017-10-26
|
| 1343261
|
|
Crash [@ JSObject::compartment] or Crash [@ js::gc::GCRuntime::markCompartments] with nukeCCW
|
Core
|
JavaScript: GC
|
sphink
|
RESO
|
FIXE
|
2017-10-26
|
| 1386787
|
|
IPC: heap-buffer-overflow [@ JSStructuredCloneReader::read]
|
Core
|
JavaScript Engine
|
sphink
|
RESO
|
FIXE
|
2018-02-01
|
| 1389974
|
|
Static analysis missing a rooting hazard in NPAPI code?
|
Core
|
JavaScript: GC
|
sphink
|
RESO
|
FIXE
|
2018-02-01
|
| 1372849
|
|
WindowsDllDetourPatcher Destructor Exploit Primitive
|
Core
|
Security
|
stephen
|
RESO
|
FIXE
|
2018-02-01
|
| 1347075
|
|
negative size memmove in mozilla::a11y::Accessible::InsertChildAt
|
Core
|
Disability Access AP
|
surkov.alexander
|
RESO
|
FIXE
|
2024-05-30
|
| 1349847
|
|
Crash in mozilla::a11y::Accessible::HasGenericType
|
Core
|
Disability Access AP
|
surkov.alexander
|
RESO
|
FIXE
|
2017-05-31
|
| 1363027
|
|
Crash in mozilla::a11y::Accessible::RemoveChild
|
Core
|
Disability Access AP
|
surkov.alexander
|
RESO
|
FIXE
|
2017-09-04
|
| 1372985
|
|
heap-buffer-overflow in [@ mozilla::a11y::DocAccessible::PutChildrenBack]
|
Core
|
Disability Access AP
|
surkov.alexander
|
RESO
|
FIXE
|
2018-02-01
|
| 1398381
|
|
Heap Buffer Overflow in CopyNativeVertexData (ANGLE)
|
Core
|
Graphics: CanvasWebG
|
svargas
|
RESO
|
FIXE
|
2024-05-30
|
| 1383000
|
|
UAF in nsJAR::GetInputStreamWithSpec in nsJAR.cpp
|
Core
|
Networking: JAR
|
tbourvon
|
RESO
|
FIXE
|
2019-04-12
|
| 1383002
|
|
UAF in nsMIMEHeaderParamImpl::DecodeRFC5987Param in nsMIMEHeaderParamImpl.cpp
|
Core
|
Networking
|
tbourvon
|
RESO
|
FIXE
|
2019-04-12
|
| 1446365
|
|
Out of bounds write in libtremor
|
Core
|
Audio/Video
|
tdaede
|
RESO
|
FIXE
|
2018-11-05
|
| 1422735
|
|
Change symbol upload URL from Socorro to Tecken
|
Firefox Build System
|
General
|
ted
|
RESO
|
FIXE
|
2018-03-02
|
| 1324140
|
|
Various dom::Promise methods assume that it's holding an actual Promise object, when it may not
|
Core
|
DOM: Core & HTML
|
till
|
RESO
|
FIXE
|
2019-03-13
|
| 1346012
|
|
Crash in PromiseReactionRecord::setHandlerArg
|
Core
|
JavaScript Engine
|
till
|
RESO
|
FIXE
|
2017-10-26
|
| 1273537
|
|
A click into the location bar can lead to a Location Bar Spoofing vulnerability (URL and SSL Spoofing) using the onblur event and change the URL size by a bigger URL size.
|
Firefox
|
Address Bar
|
timdream
|
RESO
|
FIXE
|
2024-05-30
|
| 1342567
|
|
Crash in nsExpirationTracker<T>::RemoveObject
|
Core
|
Graphics: ImageLib
|
tnikkel
|
RESO
|
FIXE
|
2017-10-26
|
| 1348941
|
|
Possible integer overflow in allocation size in nsBMPEncoder::AddImageFrame?
|
Core
|
Graphics: ImageLib
|
tnikkel
|
RESO
|
FIXE
|
2017-10-26
|
| 1344368
|
|
Upgrade Firefox 52 to NSS 3.28.4
|
Core
|
Security: PSM
|
ttaubert
|
RESO
|
FIXE
|
2023-12-11
|
| 1349621
|
|
Use of uninitialized memory [@ NS_GetFinalChannelURI]
|
Core
|
Networking
|
twsmith
|
RESO
|
FIXE
|
2017-10-26
|
| 1346392
|
|
server that tries ntlm over h2 needs an h1 fallback
|
Core
|
Networking
|
u408661
|
RESO
|
FIXE
|
2017-10-27
|
| 1349921
|
|
Cached iframe executes previously loaded and dynamically inserted scripts, makes network calls before "onload" event.
|
Core
|
Networking
|
u408661
|
RESO
|
FIXE
|
2017-08-07
|
| 1360574
|
|
Firefox stops working after 900 connections when using NTLM proxy
|
Core
|
Networking
|
u408661
|
RESO
|
FIXE
|
2017-10-27
|
| 1359697
|
|
Don't poll for captive portal detection
|
Core
|
Networking
|
valentin.gosu
|
RESO
|
FIXE
|
2017-05-28
|
| 1345222
|
|
ClearType rendering broken and inconsistent with OS settings
|
Core
|
Graphics
|
VYV03354
|
RESO
|
FIXE
|
2018-01-23
|
| 1426719
|
|
Latest insider build of Windows 10 (17063) breaks sound playback completely
|
Core
|
Audio/Video
|
achronop
|
VERI
|
FIXE
|
2018-03-12
|
| 1337392
|
|
in a pre filled textbox, cursor is behind all text, previously it was on the first position
|
Core
|
DOM: Core & HTML
|
afarre
|
VERI
|
FIXE
|
2017-06-23
|
| 1047098
|
|
'Clear Recent History' with 'Cache' or 'Offline Website Data' doesn't clear QuotaManager storage and ServiceWorkers
|
Core
|
DOM: Core & HTML
|
amarchesini
|
VERI
|
FIXE
|
2021-08-09
|
| 1338144
|
|
disable service workers and push notifications on 52 ESR
|
Core
|
DOM: Service Workers
|
amarchesini
|
VERI
|
FIXE
|
2018-04-30
|
| 1419363
|
|
heap-use-after-free in mozilla::dom::HTMLMediaElement::NotifyMediaStreamTracksAvailable
|
Core
|
Audio/Video: MediaSt
|
apehrson
|
VERI
|
FIXE
|
2024-05-30
|
| 1394530
|
|
Assertion failure: this->is<T>(), at js/src/jsobj.h:575 with Promise
|
Core
|
JavaScript Engine
|
arai.unmht
|
VERI
|
FIXE
|
2023-12-06
|
| 1449898
|
|
Race condition in PDF Viewer allows circumventing same-origin policy for PDF files
|
Firefox
|
PDF Viewer
|
bdahl
|
VERI
|
FIXE
|
2024-05-30
|
| 1308761
|
|
Re-enable non-Flash plugins for ESR52
|
Core Graveyard
|
Plug-ins
|
benjamin
|
VERI
|
FIXE
|
2022-05-16
|
| 1378826
|
|
Removing the last track from a recorder results in crash
|
Core
|
Audio/Video: Recordi
|
brycebugemail
|
VERI
|
FIXE
|
2018-02-01
|
| 1375708
|
|
Netflix broken on Linux in Firefox 54
|
Core
|
Audio/Video: GMP
|
chris
|
VERI
|
FIXE
|
2017-07-06
|
| 1432358
|
|
Universal CSP strict-dynamic bypass via require.js of browser resource
|
Core
|
DOM: Security
|
ckerschb
|
VERI
|
FIXE
|
2024-05-30
|
| 1407740
|
|
Crash with failed "@mozilla.org/docshell;1" instance
|
Core
|
DOM: Navigation
|
continuation
|
VERI
|
FIXE
|
2018-08-28
|
| 1433005
|
|
Crash when WebRTC RTP payload type is incorrect
|
Core
|
WebRTC
|
dminor
|
VERI
|
FIXE
|
2019-05-24
|
| 1423086
|
|
Use After Free in PeerConnectionImpl::DTMFSendTimerCallback_m()
|
Core
|
WebRTC: Signaling
|
docfaraday
|
VERI
|
FIXE
|
2024-05-30
|
| 1363723
|
|
heap-use-after-free in mozilla::a11y::DocAccessible::DoARIAOwnsRelocation
|
Core
|
Disability Access AP
|
eitan
|
VERI
|
FIXE
|
2024-05-30
|
| 1376163
|
|
[10.13] No audio playback on YouTube, no audio/video on Netflix (macOS High Sierra 10.13 Beta)
|
Core
|
Security: Process Sa
|
haftandilian
|
VERI
|
FIXE
|
2017-10-09
|
| 1392988
|
|
Firefox 55.02 on macOS High Sierra cannot play AES encrypted video
|
Core
|
Audio/Video: Playbac
|
haftandilian
|
VERI
|
FIXE
|
2017-10-09
|
| 1409951
|
|
crash and potential UAF in [@ nsPlainTextSerializer::ScanElementForPreformat]
|
Core
|
DOM: Core & HTML
|
hsivonen
|
VERI
|
FIXE
|
2019-06-03
|
| 1435946
|
|
/build/pgo/certs/pgoca.ca expires 2018-05-18
|
Firefox Build System
|
General
|
jc
|
VERI
|
FIXE
|
2019-02-05
|
| 1447989
|
|
Crash [@ js::ReportMagicWordFailure] or Crash [@ js::ConstraintTypeSet::addType] with GC
|
Core
|
JavaScript Engine
|
jdemooij
|
VERI
|
FIXE
|
2023-12-06
|
| 1360309
|
|
Security issue: Domain spoofing thanks to U+0F8C rendered as space on Mac
|
Firefox
|
Address Bar
|
jfkthame
|
VERI
|
FIXE
|
2024-05-30
|
| 1422389
|
|
AddressSanitizer: negative-size-param near [@ mozilla::MediaEngineDefaultVideoSource::Notify]
|
Core
|
WebRTC: Audio/Video
|
jib
|
VERI
|
FIXE
|
2020-02-28
|
| 1447080
|
|
Security: SEE_MASK_FLAG_NO_UI behavior changes in Windows 10, allowing SmartScreen bypass
|
Core
|
Widget: Win32
|
jmathies
|
VERI
|
FIXE
|
2019-01-15
|
| 1459383
|
|
Use After Free in indexedDB
|
Core
|
Storage: IndexedDB
|
jvarga
|
VERI
|
FIXE
|
2024-05-30
|
| 1452619
|
|
SyntaxError when creating literal RegExp in eval
|
Core
|
JavaScript Engine
|
jwalden
|
VERI
|
FIXE
|
2021-05-04
|
| 1367128
|
|
Crash in OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xrealloc | nsTArray_base<T>::EnsureCapacity<T> | nsTArray_Impl<T>::AppendElement<T> | mp4_demuxer::MoofParser::RebuildFragmentedIndex
|
Core
|
Audio/Video: Playbac
|
jya-moz
|
VERI
|
FIXE
|
2017-07-28
|
| 1395508
|
|
Firefox address bar spoof using RTL language and references
|
Firefox
|
Address Bar
|
mak
|
VERI
|
FIXE
|
2024-05-30
|
| 1415133
|
|
Downgrading Firefox 57 to 52 ESR loses bookmarks
|
Firefox
|
Bookmarks & History
|
mak
|
VERI
|
FIXE
|
2018-04-09
|
| 1437842
|
|
Crash [@ ??] with GC and TypedArray constructors
|
Core
|
JavaScript Engine
|
mgaudet
|
VERI
|
FIXE
|
2023-12-06
|
| 1345413
|
|
Crash in nsDependentCString::nsDependentCString
|
Toolkit
|
Startup and Profile
|
mh+mozilla
|
VERI
|
FIXE
|
2018-06-15
|
| 1346648
|
|
ClearKeyDecryptor Integer Overflow Remote (ZDI-CAN-4535)
|
Core
|
Audio/Video: Playbac
|
mozbugz
|
VERI
|
FIXE
|
2017-10-26
|
| 1399400
|
|
heap-use-after-free in nsGenericHTMLElement::GetFormControlFrame
|
Core
|
DOM: Core & HTML
|
mrbkap
|
VERI
|
FIXE
|
2024-05-30
|
| 1369771
|
|
Confirm launching executable more often on Windows
|
Firefox
|
Downloads Panel
|
mstriemer
|
VERI
|
FIXE
|
2018-06-25
|
| 1414619
|
|
Assertion failure: isAttached(), at js/src/builtin/TypedObject.cpp:1342
|
Core
|
JavaScript Engine
|
nobody
|
VERI
|
FIXE
|
2023-12-06
|
| 1437450
|
|
Assertion failure: startOfUninitialized <= nfixed, at js/src/jit/MacroAssembler.cpp:1163
|
Core
|
JavaScript Engine: J
|
nobody
|
VERI
|
FIXE
|
2023-12-06
|
| 1465458
|
|
Inconsistent MIME type handling across platforms, failing to open downloaded file on Windows
|
Firefox
|
File Handling
|
paolo.mozmail
|
VERI
|
FIXE
|
2018-08-29
|
| 1387427
|
|
heap-use-after-free in txNameTest::matches
|
Core
|
XSLT
|
peterv
|
VERI
|
FIXE
|
2024-05-30
|
| 1448705
|
|
speex: heap-buffer-overflow in resampler_basic_direct_single
|
Core
|
Audio/Video: Playbac
|
rjesup
|
VERI
|
FIXE
|
2019-05-24
|
| 1414452
|
|
Assertion failure: IsIdle(oldState), at /build/src/xpcom/ds/PLDHashTable.h:132
|
Core
|
DOM: Core & HTML
|
smaug
|
VERI
|
FIXE
|
2019-03-13
|
| 1381016
|
|
Youtube Live video stops after about 5-10 minutes
|
Core
|
Networking: HTTP
|
u408661
|
VERI
|
FIXE
|
2017-09-15
|
| 1414425
|
|
Resource Timing API leaks URL after subframe navigation again
|
Core
|
Networking: HTTP
|
valentin.gosu
|
VERI
|
FIXE
|
2024-05-30
|
| 1452075
|
|
PDF Viewer will run code from PDF files, missing validation for /Domain and /Range parameters
|
Firefox
|
PDF Viewer
|
ydelendik
|
VERI
|
FIXE
|
2024-05-30
|
| 1373220
|
|
Crash in nsCOMPtr_base::assign_with_AddRef | nsBaseWidget::AddChild
|
Core
|
Widget: Win32
|
davidp99
|
VERI
|
FIXE
|
2018-04-03
|
| 1406750
|
|
heap-use-after-free in GetContentRectRelativeToSelf
|
Core
|
CSS Parsing and Comp
|
emilio
|
VERI
|
FIXE
|
2024-05-30
|
| 1366203
|
|
Changing URL locations while a page is loading temporarily reverts the URL
|
Firefox
|
Address Bar
|
gijskruitbosch+bugs
|
VERI
|
FIXE
|
2017-07-05
|
| 1331209
|
|
Crash in mozilla::ipc::MessageChannel::CxxStackFrame::CxxStackFrame | mozilla::ipc::MessageChannel::Send | mozilla::dom::asmjscache::PAsmJSCacheEntryParent::SendOnOpenMetadataForRead
|
Core
|
JavaScript Engine
|
mail
|
VERI
|
FIXE
|
2018-08-28
|
| 1343256
|
|
Bookmark keywords disappear from one bookmark when adding a keyword to another bookmark
|
Firefox
|
Bookmarks & History
|
mak
|
VERI
|
FIXE
|
2017-05-29
|
| 1310454
|
|
Japanese IMEs spontaneously switch to Hiragana while typing in the address bar
|
Core
|
Widget: Win32
|
masayuki
|
VERI
|
FIXE
|
2017-06-06
|
| 1301056
|
|
[e10s] Link with target="_blank" to download a file leaves a about:blank window/tab open after the download
|
Firefox
|
File Handling
|
mrbkap
|
VERI
|
FIXE
|
2017-06-27
|
| 1355340
|
|
mouse scroll slow, inaccurate, dropping ticks, jumping
|
Core
|
Widget: Cocoa
|
mstange.moz
|
VERI
|
FIXE
|
2017-06-26
|
| 1438025
|
|
browser.downloads.download should remove \u202E (RLO) chars
|
WebExtensions
|
Untriaged
|
tomica
|
VERI
|
FIXE
|
2024-05-30
|
| 1386905
|
|
stylo: Assertion failure: !mInStyleRefresh
|
Core
|
CSS Parsing and Comp
|
xidorn+moz
|
VERI
|
FIXE
|
2017-09-05
|
| 1407751
|
|
Crash with failed "@mozilla.org/net/osfileconstantsservice;1" and "@mozilla.org/places/colorAnalyzer;1" instances
|
Core
|
XPCOM
|
amarchesini
|
VERI
|
FIXE
|
2018-08-28
|
| 1318845
|
|
[e10s] Print output are garbage
|
Core
|
Printing: Output
|
gw
|
VERI
|
FIXE
|
2022-09-09
|
| 1393840
|
|
Assertion failure: mList.GetChildren()->GetTop()->GetType() == DisplayItemType::TYPE_TRANSFORM
|
Core
|
Web Painting
|
u459114
|
VERI
|
FIXE
|
2018-08-28
|
| 1355576
|
|
Implement clearing of LocalStorage in browsingData API
|
WebExtensions
|
Compatibility
|
wisniewskit
|
VERI
|
FIXE
|
2018-06-19
|
| 1462912
|
|
permafail many crashes [@ mozilla::BufferList<InfallibleAllocPolicy>::Extract(mozilla::BufferList<InfallibleAllocPolicy>::IterImpl &,unsigned int,bool *)] on opt when Gecko 62 merges to Beta on 2018-06-14
|
Core
|
IPC
|
alex.gaynor
|
VERI
|
FIXE
|
2018-06-07
|
| 1349862
|
|
XMLHttpRequest returning corrupt data for large blobs
|
Core
|
DOM: Core & HTML
|
amarchesini
|
VERI
|
FIXE
|
2017-04-20
|
| 1453127
|
|
SEGV in mozilla::MediaEncoder::AudioTrackListener::NotifyRealtimeTrackData
|
Core
|
WebRTC: Audio/Video
|
apehrson
|
VERI
|
FIXE
|
2024-05-30
|
| 1368732
|
|
Assertion failure: args[1].isString(), at js/src/builtin/RegExp.cpp:1116 with Intl
|
Core
|
JavaScript Engine
|
arai.unmht
|
VERI
|
FIXE
|
2023-12-06
|
| 1175418
|
|
Contenteditable: Typing beside a text node creates a new text node
|
Core
|
DOM: Editor
|
ayg
|
VERI
|
FIXE
|
2017-05-11
|
| 1450534
|
|
Aborting load potentially exposes PDF Viewer APIs to webpages
|
Firefox
|
PDF Viewer
|
bdahl
|
VERI
|
FIXE
|
2024-05-30
|
| 1437507
|
|
Assertion failure: !shape->inDictionary(), at js/src/vm/Shape.cpp:271
|
Core
|
JavaScript Engine
|
bhackett1024
|
VERI
|
FIXE
|
2023-12-06
|
| 1342395
|
|
Crash in the content process when printing a pdf document
|
Core
|
Printing: Output
|
bobowencode
|
VERI
|
FIXE
|
2017-03-24
|
| 1443092
|
|
heap-use-after-free in nsIFrame::GetClipPropClipRect
|
Core
|
Web Painting
|
botond
|
VERI
|
FIXE
|
2024-05-30
|
| 1368490
|
|
Write past end of allocation in InterleaveTrackData
|
Core
|
Audio/Video: Playbac
|
brycebugemail
|
VERI
|
FIXE
|
2024-05-30
|
| 1218437
|
|
Firefox crash by checking x instanceof Components.Exception when x is not an object
|
Core
|
XPConnect
|
bzbarsky
|
VERI
|
FIXE
|
2017-10-26
|
| 1328861
|
|
Crash in arena_dalloc | mozilla::binding_danger::TErrorResult<T>::ClearDOMExceptionInfo
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
VERI
|
FIXE
|
2019-03-13
|
| 1371259
|
|
heap-use-after-free in nsComputedDOMStyle::UpdateCurrentStyleSources
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
VERI
|
FIXE
|
2024-05-30
|
| 1378147
|
|
heap-use-after-free in mozilla::dom::ImageDocument::UpdateSizeFromLayout
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
VERI
|
FIXE
|
2024-05-30
|
| 1453339
|
|
Assertion failure: js::GetObjectCompartment(aGlobal->GetGlobalJSObject()) == js::GetObjectCompartment(aPromiseObj), at /builds/worker/workspace/build/src/dom/promise/Promise.cpp:450
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
VERI
|
FIXE
|
2019-03-13
|
| 1464784
|
|
heap-use-after-free in nsINode::Append
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
VERI
|
FIXE
|
2024-05-30
|
| 1353312
|
|
logical property on pseudo-element that disallows it (e.g., border-inline-* on ::first-line) causes access violation at 0x14141414
|
Core
|
CSS Parsing and Comp
|
cam
|
VERI
|
FIXE
|
2024-05-30
|
| 1425000
|
|
heap-use-after-free in gfxUserFontEntry::DoLoadNextSrc
|
Core
|
DOM: CSS Object Mode
|
cam
|
VERI
|
FIXE
|
2024-05-30
|
| 1346620
|
|
Netflix has never worked on Firefox: "The WidevineCdm plugin has crashed."
|
Core
|
Audio/Video: GMP
|
chris
|
VERI
|
FIXE
|
2017-08-04
|
| 1408005
|
|
Crash with failed "@mozilla.org/downloads/application-reputation-service;1" instance
|
Toolkit
|
Downloads API
|
continuation
|
VERI
|
FIXE
|
2018-08-28
|
| 1408017
|
|
Crash with failed "@mozilla.org/startupcache/cache;1" instances
|
Core
|
XPCOM
|
continuation
|
VERI
|
FIXE
|
2018-08-28
|
| 1342661
|
|
Out of bound read in nsBinHexDecoder::DetectContentType
|
Core
|
Networking
|
daniel
|
VERI
|
FIXE
|
2024-05-30
|
| 1344461
|
|
Heap buffer overflow in nsDirIndexParser::ParseData
|
Core
|
Networking
|
daniel
|
VERI
|
FIXE
|
2024-05-30
|
| 1346419
|
|
Assertion failure: mLength > 0 (|First()| called on an empty string)
|
Core
|
Networking
|
daniel
|
VERI
|
FIXE
|
2017-10-26
|
| 1343330
|
|
some icons are display as encoding in print preview window
|
Toolkit
|
Printing
|
dao+bmo
|
VERI
|
FIXE
|
2017-04-11
|
| 1351827
|
|
Current about:home page still uses the old mozilla logo
|
Firefox
|
General
|
dao+bmo
|
VERI
|
FIXE
|
2017-08-28
|
| 1412252
|
|
heap-use-after-free in nsComputedDOMStyle::UpdateCurrentStyleSources
|
Core
|
DOM: CSS Object Mode
|
emilio
|
VERI
|
FIXE
|
2024-05-30
|
| 1449548
|
|
Lightweight themes can be installed automatically, without user's consent
|
Toolkit
|
Add-ons Manager
|
gijskruitbosch+bugs
|
VERI
|
FIXE
|
2024-05-30
|
| 1404481
|
|
Audios/Videos are crashing on FF ESR 52 on a Mac 10.13 device
|
Core
|
Audio/Video: Playbac
|
haftandilian
|
VERI
|
DUPL
|
2017-10-05
|
| 1351462
|
|
Don't reuse a connection that has not finished an NTLM authentication (may lead to proxy or server confusion, we may open prompt)
|
Core
|
Networking
|
honzab.moz
|
VERI
|
FIXE
|
2018-04-04
|
| 1354796
|
|
Right-click new tab loses URL information if site is down
|
Core
|
Networking
|
honzab.moz
|
VERI
|
FIXE
|
2017-08-08
|
| 1334246
|
|
Write beyond stack bounds caused by nsScannerString functions
|
Core
|
XML
|
hsivonen
|
VERI
|
FIXE
|
2024-05-30
|
| 1350844
|
|
Assertion failure: zone->gcSweepGroupEdges().empty(), at js/src/jsgc.cpp:4568 with nukeCCW
|
Core
|
JavaScript Engine
|
jcoppeard
|
VERI
|
FIXE
|
2023-12-06
|
| 1372112
|
|
XUL Injection in Inspector Image Tooltip
|
DevTools
|
Inspector
|
jdescottes
|
VERI
|
FIXE
|
2018-06-13
|
| 1342841
|
|
Lao script rendering issue; vowel misplacement
|
Core
|
Graphics: Text
|
jfkthame
|
VERI
|
FIXE
|
2017-03-24
|
| 1345461
|
|
Graphite2 FeatureRef::applyValToFeature heap overflow
|
Core
|
Graphics: Text
|
jfkthame
|
VERI
|
FIXE
|
2024-05-30
|
| 1364283
|
|
Security: disallow "Canadian Syllabics" unicode block from IDN domains
|
Core
|
Networking
|
jfkthame
|
VERI
|
FIXE
|
2024-05-30
|
| 1459162
|
|
heap-buffer-overflow in mozilla::dom::CanvasRenderingContext2D::PutImageData
|
Core
|
Graphics: Canvas2D
|
jfkthame
|
VERI
|
FIXE
|
2024-05-30
|
| 1357090
|
|
Out-of-bounds array access in WebGLTexture::ImageInfoAtFace
|
Core
|
Graphics: CanvasWebG
|
jgilbert
|
VERI
|
FIXE
|
2024-05-30
|
| 1341191
|
|
Feed Reader IPC can be used to bypass process sandboxing
|
Firefox Graveyard
|
RSS Discovery and Pr
|
jonathan
|
VERI
|
FIXE
|
2018-12-20
|
| 1365189
|
|
type confusion in mozilla::SVGGeometryFrame::GetCanvasTM
|
Core
|
SVG
|
jwatt
|
VERI
|
FIXE
|
2024-05-30
|
| 1430557
|
|
heap-buffer-overflow in DOMSVGPathSegCurvetoCubicAbs
|
Core
|
SVG
|
jwatt
|
VERI
|
FIXE
|
2024-05-30
|
| 1353088
|
|
Crash in vcruntime140.dll@0xc387 | nsTArray_base<T>::ShiftData<T> | nsTArray_Impl<T>::RemoveElementsAt | mozilla::TrackBuffersManager::InitializationSegmentReceived
|
Core
|
Audio/Video: Playbac
|
jya-moz
|
VERI
|
FIXE
|
2017-10-26
|
| 1436241
|
|
Firefox allows flash to follow 307 redirects to other origins with arbitrary content-types
|
Core Graveyard
|
Plug-ins
|
kyle
|
VERI
|
FIXE
|
2022-05-16
|
| 1448774
|
|
heap-use-after-free in mozilla::CharIterator::GetOriginalGlyphOffsets
|
Core
|
SVG
|
longsonr
|
VERI
|
FIXE
|
2024-05-30
|
| 1418447
|
|
Heap overflow write in SkEdgeBuilder::buildPoly
|
Core
|
Graphics
|
lsalzman
|
VERI
|
FIXE
|
2024-05-30
|
| 1343642
|
|
heap-use-after-free in nsFrameSelection::PhysicalMove
|
Core
|
DOM: Editor
|
masayuki
|
VERI
|
FIXE
|
2024-05-30
|
| 1346499
|
|
KeyboardEvent.ctrlKey of "keypress" event at Ctrl + Space on Windows should be true unless it doesn't cause different character without Ctrl key
|
Core
|
Widget: Win32
|
masayuki
|
VERI
|
FIXE
|
2017-05-04
|
| 1354443
|
|
Investigate the lifetime of nsPrintEngine, nsPrintData and nsPrintObject if they're really safe
|
Core
|
Printing: Output
|
masayuki
|
VERI
|
FIXE
|
2018-02-01
|
| 1359547
|
|
heap-use-after-free in mozilla::IMEContentObserver::HandleQueryContentEvent
|
Core
|
DOM: UI Events & Foc
|
masayuki
|
VERI
|
FIXE
|
2024-05-30
|
| 1340186
|
|
heap-use-after-free in nsFrameManagerBase::UndisplayedMap::RemoveNodeFor
|
Core
|
DOM: Selection
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2024-05-30
|
| 1343552
|
|
ASAN: out-of-bounds read in gfxTextRun (after "ASSERTION: Invalid offset" and "ASSERTION: Substring out of range")
|
Core
|
Layout: Text and Fon
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2018-07-02
|
| 1371890
|
|
out of bounds read in [@ PR_FormatTimeUSEnglish]
|
Core Graveyard
|
Networking: FTP
|
michal.novotny
|
VERI
|
FIXE
|
2024-02-08
|
| 1361326
|
|
DLL Hijacking Firefox installer
|
Firefox
|
Installer
|
molly
|
VERI
|
FIXE
|
2024-05-30
|
| 1359837
|
|
If xpinstall.enabled is false and locked, pages should not be able to use mozAddonManager
|
Toolkit
|
Add-ons Manager
|
mozilla
|
VERI
|
FIXE
|
2018-03-07
|
| 1336622
|
|
Pixelstealing and history-stealing through floating-point timing side channel with SVG filters.
|
Core
|
SVG
|
mstange.moz
|
VERI
|
FIXE
|
2020-10-07
|
| 1389908
|
|
macOS: HTML color picker crashes Firefox
|
Core
|
Widget: Cocoa
|
mstange.moz
|
VERI
|
FIXE
|
2018-07-03
|
| 1342057
|
|
DataTransfer.items always uses application/x-moz-file as mime-type for file items
|
Core
|
DOM: Events
|
nika
|
VERI
|
FIXE
|
2017-05-18
|
| 1215648
|
|
Maintenance Service helper.exe File Deletion Elevation of Privilege
|
Firefox
|
Installer
|
nobody
|
VERI
|
FIXE
|
2024-05-30
|
| 1332597
|
|
Crash [@ MustSkipMarking<js::jit::JitCode*>] or Assertion failure: addr % CellSize == 0, at gc/Heap.h:1168 with Workers
|
Core
|
JavaScript Engine
|
nobody
|
VERI
|
FIXE
|
2023-12-06
|
| 1338383
|
|
Assertion failure: zone->gcZoneGroupEdges().empty(), at js/src/jsgc.cpp:4511
|
Core
|
JavaScript: GC
|
nobody
|
VERI
|
FIXE
|
2023-12-06
|
| 1357022
|
|
Assertion failure: obj->is<CrossCompartmentWrapperObject>(), at js/src/jscompartment.cpp:433 with nukeCCW
|
Core
|
JavaScript Engine
|
nobody
|
VERI
|
FIXE
|
2023-12-06
|
| 1366903
|
|
Crash [@ JSObject::finalize] or Assertion failure: obj->getElementsHeader()->ownerObject() != obj, at js/src/vm/NativeObject.cpp:977
|
Core
|
JavaScript Engine
|
nobody
|
VERI
|
FIXE
|
2023-12-06
|
| 1368576
|
|
Assertion failure: !ins->hasDefUses(), at js/src/jit/TypePolicy.cpp:302
|
Core
|
JavaScript Engine
|
nobody
|
VERI
|
FIXE
|
2023-12-06
|
| 1369994
|
|
Assertion failure: isInt32(), at dist/include/js/Value.h:605
|
Core
|
JavaScript Engine
|
nobody
|
VERI
|
FIXE
|
2023-12-06
|
| 1371586
|
|
XUL injection in StyleEditorUI.jsm
|
DevTools
|
Style Editor
|
ntim.bugs
|
VERI
|
FIXE
|
2018-06-13
|
| 1468217
|
|
.SettingContent-ms file extension bypasses 'dangerous file' prompt leading to WebExt RCE
|
WebExtensions
|
Untriaged
|
paolo.mozmail
|
VERI
|
FIXE
|
2024-05-30
|
| 1336828
|
|
UAF in nsAutoPtr destructor during XSLT processing
|
Core
|
XSLT
|
peterv
|
VERI
|
FIXE
|
2024-05-30
|
| 1336830
|
|
UAF in nsTArray Length() during XSLT processing
|
Core
|
XSLT
|
peterv
|
VERI
|
FIXE
|
2024-05-30
|
| 1336832
|
|
UAF in txExecutionState destructor during XSLT processing
|
Core
|
XSLT
|
peterv
|
VERI
|
FIXE
|
2024-05-30
|
| 1445278
|
|
Search is broken on Firefox 52.7.0 - Italian build
|
Firefox
|
Search
|
ryanvm
|
VERI
|
FIXE
|
2018-03-14
|
| 1354294
|
|
Crashes (null Deref) in ScriptedProxyHandler::construct with lastpass addon
|
Core
|
JavaScript Engine
|
shu
|
VERI
|
FIXE
|
2021-11-29
|
| 1362590
|
|
Crash at weird memory address or Assertion failure: index < length_, at js/src/jit/FixedList.h:83
|
Core
|
JavaScript Engine
|
shu
|
VERI
|
FIXE
|
2023-12-06
|
| 1322896
|
|
(cross domain) Iframe breakes scope on location.reload
|
Core
|
DOM: Navigation
|
smaug
|
VERI
|
FIXE
|
2024-05-30
|
| 1346654
|
|
heap-use-after-free in nsFrameSelection::MoveCaret
|
Core
|
DOM: Selection
|
smaug
|
VERI
|
FIXE
|
2024-05-30
|
| 1349946
|
|
heap-use-after-free in nsFocusManager::CheckIfFocusable
|
Core
|
DOM: Core & HTML
|
smaug
|
VERI
|
FIXE
|
2024-05-30
|
| 1350683
|
|
heap-use-after-free in nsTransactionManager::EndTransaction
|
Core
|
DOM: Editor
|
smaug
|
VERI
|
FIXE
|
2024-05-30
|
| 1355039
|
|
heap-use-after-free in mozilla::net::PredictorLearn
|
Core
|
DOM: Navigation
|
smaug
|
VERI
|
FIXE
|
2024-05-30
|
| 1363396
|
|
heap-use-after-free in nsDocViewerSelectionListener::NotifySelectionChanged
|
Core
|
Layout
|
smaug
|
VERI
|
FIXE
|
2024-05-30
|
| 1423159
|
|
heap-use-after-free in mozilla::CreateMouseOrPointerWidgetEvent
|
Core
|
DOM: Events
|
smaug
|
VERI
|
FIXE
|
2024-05-30
|
| 1342472
|
|
It is no longer possible to use backspace on Mac to delete a site exception (AppConstants is undefined)
|
Firefox
|
Settings UI
|
standard8
|
VERI
|
FIXE
|
2017-05-30
|
| 1376399
|
|
Hard crash in FF 54 and Nightly 56 on Windows 7
|
Core
|
Graphics: CanvasWebG
|
svargas
|
VERI
|
FIXE
|
2017-11-28
|
| 1446062
|
|
ZDI-CAN-5822 - Mozilla Firefox Audio Driver Out of Bounds
|
Core
|
Audio/Video
|
tdaede
|
VERI
|
FIXE
|
2018-11-07
|
| 1446068
|
|
ZDI-CAN-5823 - Mozilla Firefox Audio Driver Out of Bounds (variant)
|
Core
|
Audio/Video
|
tdaede
|
VERI
|
FIXE
|
2018-11-05
|
| 1376087
|
|
heap-use-after-free in nsImageLoadingContent::Notify
|
Core
|
DOM: Core & HTML
|
tnikkel
|
VERI
|
FIXE
|
2024-05-30
|
| 1427870
|
|
Reduce precision of performance.now() to 20us
|
Core
|
DOM: Core & HTML
|
tom
|
VERI
|
FIXE
|
2019-03-13
|
| 1343505
|
|
Firefox crashed when encounter immature HTTP/2 server send DATA frame padding length large than payload length
|
Core
|
Networking: HTTP
|
u408661
|
VERI
|
FIXE
|
2024-05-30
|
| 1408990
|
|
Resource Timing API leaks URL after subframe navigation
|
Core
|
Networking
|
valentin.gosu
|
VERI
|
FIXE
|
2024-05-30
|
| 1347617
|
|
Memory disclosure in ConvolvePixel
|
Core
|
Graphics
|
vincent.liu1013
|
VERI
|
FIXE
|
2017-09-25
|
| 1365602
|
|
heap-use-after-free in nsQuoteList::RecalcAll
|
Core
|
Layout
|
xidorn+moz
|
VERI
|
FIXE
|
2024-05-30
|
