Sat Apr 19 2025 10:51:10 PDT
  • Bug ID: 1445234, 1449530, 1437455, 1447989, 1438827, 1436983, 1435036, 1440465, 1439723, 1448771, 1453653, 1454359, 1432323, 1454126, 1436759, 1439655, 1448612, 1449358, 1367727, 1452417

20 bugs found.
| ID | Type | Summary | Product | Comp | Assignee | Status | Resolution | Updated |
|---|---|---|---|---|---|---|---|---|
| 1435036 | | AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:4419:7 in ChromeAffectingStateChanged | Core | WebRTC | apehrson | RESO | FIXE | 2020-02-28 |
| 1439655 | | Wild pointer read in copy_and_extend_plane | Core | WebRTC: Audio/Video | apehrson | RESO | FIXE | 2019-05-24 |
| 1436983 | | CodeGenerator::link can GC before capturing read barriers | Core | JavaScript: GC | jcoppeard | RESO | FIXE | 2018-11-05 |
| 1437455 | | Assertion failure: off.assigned() && offset >= 0 && unsigned(offset) < size(), at js/src/jit/shared/IonAssemblerBuffer.h:379 | Core | JavaScript Engine | lhansen | RESO | FIXE | 2018-08-28 |
| 1454126 | | crash at null in [@ nsMappedAttributes::GetAttr] | Core | DOM: Editor | masayuki | RESO | FIXE | 2019-05-24 |
| 1454359 | | Cherry-pick more upstream FreeType oss-fuzz fixes | Core | Graphics: Text | ryanvm | RESO | FIXE | 2018-08-28 |
| 1367727 | | Crash in js::gc::AtomMarkingRuntime::markAtom | Core | JavaScript Engine | tcampbell | RESO | FIXE | 2018-08-28 |
| 1452417 | | Crash in nsCOMPtr<T>::nsCOMPtr<T> \| nsHostResolver::DetachCallback | Core | Networking: DNS | valentin.gosu | RESO | FIXE | 2018-08-28 |
| 1436759 | | Intermittent SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/media/mtransport/sigslot.h:2007:11 in sigslot::_connection4<mozilla::TransportLayerIce, mozilla::NrIceMediaStream*, int, unsigned char const*, int, sigslot::si | Core | WebRTC | mfroman | RESO | FIXE | 2020-02-28 |
| 1449358 | | Latent heap corruption on allocator mismatch in nsAuthSambaNTLM::GetNextToken() | Core | Networking: HTTP | alex.gaynor | RESO | FIXE | 2024-05-30 |
| 1445234 | | IPC: crash [@get_gtk_cursor] | Core | DOM: Content Process | alex.gaynor | RESO | FIXE | 2019-05-24 |
| 1448612 | | Double free in nsStreamLoader (presumably because of FetchConsumer stuff). | Core | DOM: Workers | emilio | RESO | FIXE | 2018-08-28 |
| 1432323 | | UBSan: member access within address 0x6030002a4d80 which does not point to an object of type 'nsCOMArrayEnumerator' in /xpcom/ds/nsArrayEnumerator.cpp:197 | Core | XPCOM | ericrahm+bz | RESO | FIXE | 2018-11-05 |
| 1439723 | | Nullable::SetValue leads to footguns in the animation code | Core | DOM: Animation | froydnj+bz | RESO | FIXE | 2018-11-05 |
| 1440465 | | uninitialized memory accesses in AutoPointerEventTargetUpdater | Core | Layout | froydnj+bz | RESO | FIXE | 2018-08-28 |
| 1438827 | | Assertion failures while tracing ARM assembler: data >> 28 != 0xf | Core | JavaScript Engine: J | jcoppeard | RESO | FIXE | 2018-11-05 |
| 1448771 | | Buffer overflow in hyphen (not the same as 1390550) | Core | Layout: Text and Fon | jfkthame | RESO | FIXE | 2018-11-05 |
| 1453653 | | Cherry-pick an upstream FreeType integer overflow fix | Core | Graphics: Text | ryanvm | RESO | FIXE | 2018-08-28 |
| 1449530 | | IPC: global-buffer-overflow crash with PDocAccessible::Msg_StateChangeEvent [@FireStateChangeEvent] | Core | Disability Access AP | surkov.alexander | RESO | FIXE | 2019-05-24 |
| 1447989 | | Crash [@ js::ReportMagicWordFailure] or Crash [@ js::ConstraintTypeSet::addType] with GC | Core | JavaScript Engine | jdemooij | VERI | FIXE | 2023-12-06 |