| 1325513
|
|
RTP header extensions potentially read out of bounds
|
Core
|
WebRTC
|
drno
|
RESO
|
FIXE
|
2017-10-26
|
| 1352295
|
|
mozilla::dom::CanvasRenderingContext2D is trivially exploitable
|
Core
|
Graphics: Canvas2D
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2017-10-26
|
| 1348424
|
|
Crash in objc_msgSend | TitlebarDrawCallback
|
Core
|
Widget: Cocoa
|
mstange.moz
|
RESO
|
FIXE
|
2017-10-26
|
| 1366140
|
|
[TSF] Needs to grab TSF related objects during calling methods of them
|
Core
|
Widget: Win32
|
masayuki
|
RESO
|
FIXE
|
2017-10-26
|
| 1349266
|
|
AddressSanitizer: heap-buffer-overflow [@ GetParent] with READ of size 8
|
Core
|
DOM: Workers
|
amarchesini
|
RESO
|
FIXE
|
2020-02-28
|
| 1357462
|
|
Assertion failure: !denseElementsAreFrozen(), at /home/andre/git/mozilla-central/js/src/vm/NativeObject.h:1055
|
Core
|
JavaScript Engine
|
andrebargull
|
RESO
|
FIXE
|
2017-10-26
|
| 1297111
|
|
Invalid array access in nsExpirationTracker::RemoveObject()
|
Core
|
Graphics: ImageLib
|
bevistseng
|
RESO
|
FIXE
|
2017-10-26
|
| 1352556
|
|
Possible integer overflow in usage of MFGetAttributeSize results
|
Core
|
Audio/Video: GMP
|
chris
|
RESO
|
FIXE
|
2017-10-26
|
| 1359639
|
|
heap-buffer-overflow READ size 4 in [@ nsDirIndexParser::ParseData]
|
Core
|
Networking
|
daniel
|
RESO
|
FIXE
|
2017-10-26
|
| 1347748
|
|
Overflow and latent write beyond bounds in DataTransfer::GetTransferable()
|
Core
|
DOM: Copy & Paste an
|
enndeakin
|
RESO
|
FIXE
|
2024-05-30
|
| 1356025
|
|
Possible write beyond bounds due to passing a large buffer to nsTSubstring_CharT::nsTSubstring_CharT()
|
Core
|
XPCOM
|
ericrahm+bz
|
RESO
|
FIXE
|
2017-10-26
|
| 1342552
|
|
Crash in nsViewManager::GetRootWidget
|
Core
|
DOM: Events
|
masayuki
|
RESO
|
FIXE
|
2017-10-26
|
| 1367692
|
|
Crash in CTipFnHotkeyManager::InitContextHotkeys (ja, win10 creators update)
|
Core
|
Widget: Win32
|
masayuki
|
RESO
|
FIXE
|
2017-10-26
|
| 1352093
|
|
Use-after-free due to ref counter overflow in CanvasRenderingContext2D
|
Core
|
Graphics: Canvas2D
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2017-10-26
|
| 1349595
|
|
Possible integer overflow in allocation size in GMPVideoi420FrameImpl::CreateEmptyFrame?
|
Core
|
Audio/Video: GMP
|
mozbugz
|
RESO
|
FIXE
|
2018-06-04
|
| 1363280
|
|
Intermittent damp | application crashed [@ mozilla::layers::AutoLayerTransactionParentAsyncMessageSender::AutoLayerTransactionParentAsyncMessageSender(mozilla::layers::LayerTransactionParent *,nsTArray<mozilla::layers::OpDestroy> const *)]
|
Core
|
Graphics: Layers
|
sotaro.ikeda.g
|
RESO
|
FIXE
|
2017-10-26
|
| 1346012
|
|
Crash in PromiseReactionRecord::setHandlerArg
|
Core
|
JavaScript Engine
|
till
|
RESO
|
FIXE
|
2017-10-26
|
| 1342567
|
|
Crash in nsExpirationTracker<T>::RemoveObject
|
Core
|
Graphics: ImageLib
|
tnikkel
|
RESO
|
FIXE
|
2017-10-26
|
| 1368732
|
|
Assertion failure: args[1].isString(), at js/src/builtin/RegExp.cpp:1116 with Intl
|
Core
|
JavaScript Engine
|
arai.unmht
|
VERI
|
FIXE
|
2023-12-06
|
| 1362590
|
|
Crash at weird memory address or Assertion failure: index < length_, at js/src/jit/FixedList.h:83
|
Core
|
JavaScript Engine
|
shu
|
VERI
|
FIXE
|
2023-12-06
|