1488738 | Outdated and Minified JavaScript | Firefox | Normandy Client | nobody | UNCO | --- | 2024-03-08
1406996 | stylo: Investigate crash reports around Rust HashMaps | Core | CSS Parsing and Comp | nobody | NEW | --- | 2023-04-02
1445198 | Review panel usage spoofing in Firefox | Firefox | Security | nobody | NEW | --- | 2022-10-11
552308 | Possible integer overflows in WOFF | Core | Layout: Text and Fon | nobody | NEW | --- | 2022-10-10
793437 | NS_ProxyRelease is security hazard | Core | XPCOM | nobody | NEW | --- | 2022-10-10
1274144 | "ASSERTION: element already removed from map" with dir=auto | Core | DOM: Core & HTML | nobody | NEW | --- | 2022-10-11
1279994 | reject UniquePtr<T> when we want to delete T specially | Developer Infrastruc | Source Code Analysis | nobody | NEW | --- | 2022-10-11
1463873 | Systematically set CLOEXEC to prevent leaking file descriptors to fork+exec child processes | Core | General | nobody | NEW | --- | 2023-02-26
1730797 | Using capped, unpartitioned thread-pools for cross-site and / or cross-profile communication | Core | Privacy: Anti-Tracki | nobody | NEW | --- | 2024-05-30
1895915 | Audit cargo audit output | Firefox Build System | General | nobody | NEW | --- | 2024-05-21
1685446 | gl.cc not built with ASan | Core | Graphics: WebRender | nobody | NEW | --- | 2024-04-01
652818 | Science says we should do a security audit of nsContentUtils.cpp | Core | DOM: Core & HTML | nobody | NEW | --- | 2022-10-10
811529 | Use safe memory cleanup to avoid removal of memset by VC++2010 /O2 | NSS | Libraries | nobody | NEW | --- | 2023-11-06
834540 | Do more validation of zip file names | Core | Networking: JAR | nobody | NEW | --- | 2022-10-10
1325617 | SecMap - Identify steps for reproducibility | mozilla.org | Security Assurance | catlee | NEW | --- | 2024-06-09
1860860 | [meta] Audit ContentParent IPC code with no coverage | Core | DOM: Content Process | continuation | NEW | --- | 2023-12-01
194449 | POP Security Review Action Items | MailNews Core | Networking: POP | nobody | NEW | --- | 2022-11-15
330070 | Investigate mail URLs for abusable actions | MailNews Core | Networking | nobody | NEW | --- | 2022-10-10
622012 | News uris allow you to execute arbitrary commands on server | MailNews Core | Networking: NNTP | nobody | NEW | --- | 2022-10-10
919486 | [tracking] Report signed integer overflows within our codebase | mozilla.org | Security Assurance: | nobody | NEW | --- | 2014-08-22
926593 | "ASSERTION: Redraw with no canvas element or docshell!" with drawWindow, cycle collection | Core | Graphics | nobody | NEW | --- | 2022-10-11
984012 | Consider removing the security.turn_off_all_security_so_that_viruses_can_take_over_this_computer pref | Core | XPConnect | nobody | NEW | --- | 2023-06-19
1017646 | Somehow ensure that the assumption that nsTArray makes about its template argument (that it is memmovable) is correct | Core | XPCOM | nobody | NEW | --- | 2022-10-11
1324378 | Add static analysis to check that var is not used after Send__delete__(var) | Developer Infrastruc | Source Code Analysis | nobody | NEW | --- | 2022-10-11
1745121 | Malicious third-party CSS can allow text content to be exfiltrated (with e.g. custom web-fonts) | Core | Layout: Text and Fon | nobody | NEW | --- | 2022-03-27
1841706 | StaticRefPtr<> can cause UAFs if used with concurrent threads | Core | XPCOM | nobody | NEW | --- | 2024-06-11
1878926 | Evaluate expat CVE-2023-52425, CVE-2023-52426, & CVE-2024-28757 fixes | Core | XML | nobody | NEW | --- | 2024-06-02
858721 | UXSS using carefully timed history navigations | Core | DOM: Navigation | smaug | NEW | --- | 2022-10-10
1177759 | Fuzzing parts of NSS | mozilla.org | Security Assurance: | twsmith | NEW | --- | 2023-12-11
1544232 | Possible vulnerabilities in allowing unbounded system resource usage for installed service workers | Core | DOM: Service Workers | bugmail | ASSI | --- | Thu 21:34
1651987 | [meta] Audit and convert incorrect uses of nsContentPolicyType::TYPE_OTHER | Core | DOM: Security | fbraun | ASSI | --- | 2022-04-11
1207753 | [meta] Add static thread-safety lock/mutex analysis based on clang GUARDED_BY() | Core | XPCOM | rjesup | ASSI | --- | 2024-05-02
1267539 | Strange error message in error console: Couldn't decrypt string. | Thunderbird | Security | nobody | REOP | --- | 2022-10-11