| 1341905
|
|
CertVerifier::VerifyCertificateTransparencyPolicy assumes if builtChain is non-empty, then it has at least 2 elements (which it may not)
|
Core
|
Security: PSM
|
dkeeler
|
RESO
|
FIXE
|
2017-10-26
|
| 1306142
|
|
Failure to check return code in u2f.cpp can cause security breaches
|
Core
|
DOM: Security
|
jc
|
RESO
|
FIXE
|
2024-05-30
|
| 1333752
|
|
Incorrect size for memset in VCMRttFilter::Reset() and libvpx
|
Core
|
WebRTC: Audio/Video
|
rjesup
|
RESO
|
FIXE
|
2018-08-24
|
| 1315248
|
|
Crash in mozilla::dom::UDPSocketParent::ConnectInternal
|
Core
|
DOM: Core & HTML
|
drno
|
RESO
|
FIXE
|
2019-03-13
|
| 1270288
|
|
freetype2: use of uninitialised value in [@cf2_glyphpath_lineTo]
|
Core
|
Graphics: Text
|
nobody
|
RESO
|
FIXE
|
2017-10-26
|
| 1343513
|
|
Integer overflow when validating length argument in TypedArray constructor
|
Core
|
JavaScript Engine
|
andrebargull
|
RESO
|
FIXE
|
2017-11-03
|
| 1317085
|
|
Assertion failure: unwrapped->isAsync(), at js/src/vm/AsyncFunction.cpp:225
|
Core
|
JavaScript Engine
|
arai.unmht
|
RESO
|
FIXE
|
2017-10-26
|
| 1339116
|
|
Crash in RefPtr<T>::~RefPtr<T> | mozilla::dom::workers::ServiceWorkerPrivate::NoteIdleWorkerCallback
|
Core
|
DOM: Service Workers
|
ben
|
RESO
|
FIXE
|
2017-10-26
|
| 1321566
|
|
e10s Crash in nsPrintEngine::PrePrintPage
|
Core
|
Printing: Output
|
bobowencode
|
RESO
|
FIXE
|
2017-10-26
|
| 1324000
|
|
Crash in nsPrintEngine::DonePrintingPages
|
Core
|
Printing: Output
|
bobowencode
|
RESO
|
FIXE
|
2017-10-26
|
| 1307557
|
|
Out-of-bounds access in Element::DescribeAttribute()
|
Core
|
DOM: Core & HTML
|
botond
|
RESO
|
FIXE
|
2024-05-30
|
| 1339591
|
|
Possible UAFs with AutoRestore in SMIL code
|
Core
|
Layout
|
brian
|
RESO
|
FIXE
|
2018-08-29
|
| 1331771
|
|
WrapperOwner::ok() does not properly handle ReturnObjectOpResult
|
Core
|
JavaScript Engine
|
continuation
|
RESO
|
FIXE
|
2017-10-26
|
| 1339566
|
|
Use-after-free in nsDocShell::CreateAboutBlankViewer
|
Core
|
Layout
|
dholbert
|
RESO
|
FIXE
|
2017-10-26
|
| 1308036
|
|
Overflows in nsSupportsArray could cause buffer overruns
|
Core
|
XPCOM
|
ericrahm+bz
|
RESO
|
FIXE
|
2024-05-30
|
| 1323150
|
|
Crash [@ ReadDBEntry ]
|
NSS
|
Libraries
|
franziskuskiefer
|
RESO
|
FIXE
|
2021-08-20
|
| 1332501
|
|
ContentPrefServiceParent calls arbitrary (content-process-controlled) methods on nsIContentPrefService2
|
Toolkit
|
Preferences
|
gijskruitbosch+bugs
|
RESO
|
FIXE
|
2017-10-26
|
| 1303713
|
|
Array out-of-bounds memory read/write/exec in CamerasParent
|
Core
|
Audio/Video
|
gpascutto
|
RESO
|
FIXE
|
2022-01-04
|
| 1334290
|
|
Truncation in nsScanner
|
Core
|
XML
|
hsivonen
|
RESO
|
FIXE
|
2024-05-30
|
| 1323241
|
|
Don't report that cells are gray when we don't know
|
Core
|
JavaScript: GC
|
jcoppeard
|
RESO
|
FIXE
|
2017-10-26
|
| 1336467
|
|
CC weakmap fixup blackens weakmap keys with black delegates even when the map is gray
|
Core
|
JavaScript: GC
|
jcoppeard
|
RESO
|
FIXE
|
2017-10-26
|
| 1295299
|
|
[harfbuzz] Assertion `i <= out_len + (len - idx)' failed [@hb_buffer_t::move_to]
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2017-10-26
|
| 1320894
|
|
CacheFileIOManager::WriteInternal writes uninitialised padding bytes to disk
|
Core
|
Networking: Cache
|
michal.novotny
|
RESO
|
FIXE
|
2017-10-26
|
| 1304201
|
|
Out-of-bounds access in nsWebBrowser::RemoveWebBrowserListener()
|
Core Graveyard
|
Embedding: APIs
|
myk
|
RESO
|
FIXE
|
2024-05-30
|
| 1296024
|
|
[harfbuzz] Assertion `end == match_positions[idx]' failed [@OT::apply_lookup]
|
Core
|
Graphics: Text
|
nobody
|
RESO
|
FIXE
|
2017-10-26
|
| 1261335
|
|
Assertion failure: rn != scratch, at js/src/jit/arm/MacroAssembler-arm.cpp:1193
|
Core
|
JavaScript Engine: J
|
stoklund
|
RESO
|
DUPL
|
2017-10-26
|
| 1240893
|
|
crash in PLDHashTable::Remove | mozilla::a11y::AccessibleWrap::Shutdown
|
Core
|
Disability Access AP
|
tbsaunde+mozbugs
|
RESO
|
FIXE
|
2017-10-26
|
| 1332569
|
|
Assertion failure: !mDocElementContainingBlock (Shouldn't have a doc element containing block here), at nsCSSFrameConstructor.cpp:2389
|
Core
|
XSLT
|
tnikkel
|
RESO
|
FIXE
|
2017-10-26
|
| 1334246
|
|
Write beyond stack bounds caused by nsScannerString functions
|
Core
|
XML
|
hsivonen
|
VERI
|
FIXE
|
2024-05-30
|
| 1321038
|
|
Assertion failure: !has(reg), at js/src/jit/RegisterSets.h:860
|
Core
|
JavaScript Engine
|
sean.stangl
|
VERI
|
FIXE
|
2023-12-06
|
| 1264053
|
|
MessagePort should support transferable objects in multi-e10s
|
Core
|
JavaScript Engine
|
sphink
|
VERI
|
FIXE
|
2017-10-26
|