| 1379414
|
|
Potential read beyond bounds in ReadCompressedIndexDataValuesFromBlob()
|
Core
|
Storage: IndexedDB
|
bevistseng
|
RESO
|
FIXE
|
2024-05-30
|
| 1348955
|
|
Crash in mozilla::storage::...CallbackResultNotifier::Run
|
Core
|
SQLite and Embedded
|
mak
|
RESO
|
FIXE
|
2024-08-20
|
| 1385112
|
|
Assertion failure: length != 0, at js/src/frontend/TokenStream.cpp:59
|
Core
|
JavaScript Engine
|
arai.unmht
|
RESO
|
FIXE
|
2018-02-01
|
| 1367497
|
|
Crash in ExpirationTrackerImpl<T>::RemoveObjectLocked
|
Core
|
XPCOM
|
bevistseng
|
RESO
|
FIXE
|
2018-02-01
|
| 1392105
|
|
Crash [@ js::jit::AssemblerBuffer<1024, js::jit::Instruction>::getInst] or Assertion failure: data >> 28 != 0xf (The instruction does not have condition code), at jit/arm/Assembler-arm.h:1996
|
Core
|
JavaScript Engine
|
bugzilla
|
RESO
|
FIXE
|
2018-02-01
|
| 1388113
|
|
Intermittent AddressSanitizer: heap-use-after-free [@nsCOMPtr<nsIAtom>::assign_with_AddRef(nsISupports*)]
|
Core
|
CSS Parsing and Comp
|
cam
|
RESO
|
FIXE
|
2020-02-28
|
| 1369560
|
|
address potentially unsafe snprintf usage in FPSCounter
|
Core
|
Graphics
|
dkeeler
|
RESO
|
FIXE
|
2018-02-01
|
| 1378658
|
|
Allocating a huge buffer can return a previously freed huge buffer with its contents unaltered
|
Core
|
Memory Allocator
|
mh+mozilla
|
RESO
|
FIXE
|
2018-02-01
|
| 1388045
|
|
Branch Pruning suggests to optimize away observable operands.
|
Core
|
JavaScript Engine: J
|
nicolas.b.pierron
|
RESO
|
FIXE
|
2018-02-01
|
| 1387659
|
|
heap-use-after-free in [@ GetLayerManager]
|
Core
|
Graphics
|
sotaro.ikeda.g
|
RESO
|
FIXE
|
2018-02-01
|
| 1394522
|
|
Null check ref pointers when iterating over intersection observers
|
Core
|
Layout
|
tschneider
|
RESO
|
FIXE
|
2018-02-01
|
| 1395919
|
|
Assertion failure: MIR instruction returned object with unexpected type, at js/src/jit/MacroAssembler.cpp:1715 or Assertion failure: Unexpected object type, at jit/MacroAssembler.cpp:1715
|
Core
|
JavaScript Engine
|
nobody
|
VERI
|
FIXE
|
2023-12-06
|