Sat Apr 19 2025 11:02:04 PDT
  • Bug ID: 1332569, 1315248, 1261335, 1321038, 1331771, 1339566, 1339591, 1240893, 1341905, 1323241, 1336467, 1270288, 1295299, 1296024, 1304201, 1306142, 1307557, 1308036, 1334246, 1334290, 1317085, 1339116, 1324000, 1323150, 1332501, 1320894, 1333752, 1303713, 1321566, 1264053, 1343513

31 bugs found.
ID Type Summary Product Comp Assignee Status Resolution Updated
1341905 CertVerifier::VerifyCertificateTransparencyPolicy assumes if builtChain is non-empty, then it has at least 2 elements (which it may not) Core Security: PSM dkeeler RESO FIXE 2017-10-26
1306142 Failure to check return code in u2f.cpp can cause security breaches Core DOM: Security jc RESO FIXE 2024-05-30
1333752 Incorrect size for memset in VCMRttFilter::Reset() and libvpx Core WebRTC: Audio/Video rjesup RESO FIXE 2018-08-24
1315248 Crash in mozilla::dom::UDPSocketParent::ConnectInternal Core DOM: Core & HTML drno RESO FIXE 2019-03-13
1270288 freetype2: use of uninitialised value in [@cf2_glyphpath_lineTo] Core Graphics: Text nobody RESO FIXE 2017-10-26
1343513 Integer overflow when validating length argument in TypedArray constructor Core JavaScript Engine andrebargull RESO FIXE 2017-11-03
1317085 Assertion failure: unwrapped->isAsync(), at js/src/vm/AsyncFunction.cpp:225 Core JavaScript Engine arai.unmht RESO FIXE 2017-10-26
1339116 Crash in RefPtr<T>::~RefPtr<T> | mozilla::dom::workers::ServiceWorkerPrivate::NoteIdleWorkerCallback Core DOM: Service Workers ben RESO FIXE 2017-10-26
1321566 e10s Crash in nsPrintEngine::PrePrintPage Core Printing: Output bobowencode RESO FIXE 2017-10-26
1324000 Crash in nsPrintEngine::DonePrintingPages Core Printing: Output bobowencode RESO FIXE 2017-10-26
1307557 Out-of-bounds access in Element::DescribeAttribute() Core DOM: Core & HTML botond RESO FIXE 2024-05-30
1339591 Possible UAFs with AutoRestore in SMIL code Core Layout brian RESO FIXE 2018-08-29
1331771 WrapperOwner::ok() does not properly handle ReturnObjectOpResult Core JavaScript Engine continuation RESO FIXE 2017-10-26
1339566 Use-after-free in nsDocShell::CreateAboutBlankViewer Core Layout dholbert RESO FIXE 2017-10-26
1308036 Overflows in nsSupportsArray could cause buffer overruns Core XPCOM ericrahm+bz RESO FIXE 2024-05-30
1323150 Crash [@ ReadDBEntry ] NSS Libraries franziskuskiefer RESO FIXE 2021-08-20
1332501 ContentPrefServiceParent calls arbitrary (content-process-controlled) methods on nsIContentPrefService2 Toolkit Preferences gijskruitbosch+bugs RESO FIXE 2017-10-26
1303713 Array out-of-bounds memory read/write/exec in CamerasParent Core Audio/Video gpascutto RESO FIXE 2022-01-04
1334290 Truncation in nsScanner Core XML hsivonen RESO FIXE 2024-05-30
1323241 Don't report that cells are gray when we don't know Core JavaScript: GC jcoppeard RESO FIXE 2017-10-26
1336467 CC weakmap fixup blackens weakmap keys with black delegates even when the map is gray Core JavaScript: GC jcoppeard RESO FIXE 2017-10-26
1295299 [harfbuzz] Assertion `i <= out_len + (len - idx)' failed [@hb_buffer_t::move_to] Core Graphics: Text jfkthame RESO FIXE 2017-10-26
1320894 CacheFileIOManager::WriteInternal writes uninitialised padding bytes to disk Core Networking: Cache michal.novotny RESO FIXE 2017-10-26
1304201 Out-of-bounds access in nsWebBrowser::RemoveWebBrowserListener() Core Graveyard Embedding: APIs myk RESO FIXE 2024-05-30
1296024 [harfbuzz] Assertion `end == match_positions[idx]' failed [@OT::apply_lookup] Core Graphics: Text nobody RESO FIXE 2017-10-26
1261335 Assertion failure: rn != scratch, at js/src/jit/arm/MacroAssembler-arm.cpp:1193 Core JavaScript Engine: J stoklund RESO DUPL 2017-10-26
1240893 crash in PLDHashTable::Remove | mozilla::a11y::AccessibleWrap::Shutdown Core Disability Access AP tbsaunde+mozbugs RESO FIXE 2017-10-26
1332569 Assertion failure: !mDocElementContainingBlock (Shouldn't have a doc element containing block here), at nsCSSFrameConstructor.cpp:2389 Core XSLT tnikkel RESO FIXE 2017-10-26
1334246 Write beyond stack bounds caused by nsScannerString functions Core XML hsivonen VERI FIXE 2024-05-30
1321038 Assertion failure: !has(reg), at js/src/jit/RegisterSets.h:860 Core JavaScript Engine sean.stangl VERI FIXE 2023-12-06
1264053 MessagePort should support transferable objects in multi-e10s Core JavaScript Engine sphink VERI FIXE 2017-10-26
31 bugs found.