Sat Apr 19 2025 13:26:58 PDT
  • Bug ID: 1359639, 1349595, 1352295, 1352556, 1342552, 1342567, 1346012, 1366140, 1368732, 1297111, 1362590, 1357462, 1363280, 1349266, 1352093, 1348424, 1347748, 1356025, 1325513, 1367692

20 bugs found.
ID Type Summary Product Comp Assignee Status Resolution Updated
1325513 RTP header extensions potentially read out of bounds Core WebRTC drno RESO FIXE 2017-10-26
1352295 mozilla::dom::CanvasRenderingContext2D is trivially exploitable Core Graphics: Canvas2D MatsPalmgren_bugz RESO FIXE 2017-10-26
1348424 Crash in objc_msgSend | TitlebarDrawCallback Core Widget: Cocoa mstange.moz RESO FIXE 2017-10-26
1366140 [TSF] Needs to grab TSF related objects during calling methods of them Core Widget: Win32 masayuki RESO FIXE 2017-10-26
1349266 AddressSanitizer: heap-buffer-overflow [@ GetParent] with READ of size 8 Core DOM: Workers amarchesini RESO FIXE 2020-02-28
1357462 Assertion failure: !denseElementsAreFrozen(), at /home/andre/git/mozilla-central/js/src/vm/NativeObject.h:1055 Core JavaScript Engine andrebargull RESO FIXE 2017-10-26
1297111 Invalid array access in nsExpirationTracker::RemoveObject() Core Graphics: ImageLib bevistseng RESO FIXE 2017-10-26
1352556 Possible integer overflow in usage of MFGetAttributeSize results Core Audio/Video: GMP chris RESO FIXE 2017-10-26
1359639 heap-buffer-overflow READ size 4 in [@ nsDirIndexParser::ParseData] Core Networking daniel RESO FIXE 2017-10-26
1347748 Overflow and latent write beyond bounds in DataTransfer::GetTransferable() Core DOM: Copy & Paste an enndeakin RESO FIXE 2024-05-30
1356025 Possible write beyond bounds due to passing a large buffer to nsTSubstring_CharT::nsTSubstring_CharT() Core XPCOM ericrahm+bz RESO FIXE 2017-10-26
1342552 Crash in nsViewManager::GetRootWidget Core DOM: Events masayuki RESO FIXE 2017-10-26
1367692 Crash in CTipFnHotkeyManager::InitContextHotkeys (ja, win10 creators update) Core Widget: Win32 masayuki RESO FIXE 2017-10-26
1352093 Use-after-free due to ref counter overflow in CanvasRenderingContext2D Core Graphics: Canvas2D MatsPalmgren_bugz RESO FIXE 2017-10-26
1349595 Possible integer overflow in allocation size in GMPVideoi420FrameImpl::CreateEmptyFrame? Core Audio/Video: GMP mozbugz RESO FIXE 2018-06-04
1363280 Intermittent damp | application crashed [@ mozilla::layers::AutoLayerTransactionParentAsyncMessageSender::AutoLayerTransactionParentAsyncMessageSender(mozilla::layers::LayerTransactionParent *,nsTArray<mozilla::layers::OpDestroy> const *)] Core Graphics: Layers sotaro.ikeda.g RESO FIXE 2017-10-26
1346012 Crash in PromiseReactionRecord::setHandlerArg Core JavaScript Engine till RESO FIXE 2017-10-26
1342567 Crash in nsExpirationTracker<T>::RemoveObject Core Graphics: ImageLib tnikkel RESO FIXE 2017-10-26
1368732 Assertion failure: args[1].isString(), at js/src/builtin/RegExp.cpp:1116 with Intl Core JavaScript Engine arai.unmht VERI FIXE 2023-12-06
1362590 Crash at weird memory address or Assertion failure: index < length_, at js/src/jit/FixedList.h:83 Core JavaScript Engine shu VERI FIXE 2023-12-06
20 bugs found.

File a new bug in the "Core" product