| 1435036
|
|
AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:4419:7 in ChromeAffectingStateChanged
|
Core
|
WebRTC
|
apehrson
|
RESO
|
FIXE
|
2020-02-28
|
| 1439655
|
|
Wild pointer read in copy_and_extend_plane
|
Core
|
WebRTC: Audio/Video
|
apehrson
|
RESO
|
FIXE
|
2019-05-24
|
| 1436983
|
|
CodeGenerator::link can GC before capturing read barriers
|
Core
|
JavaScript: GC
|
jcoppeard
|
RESO
|
FIXE
|
2018-11-05
|
| 1437455
|
|
Assertion failure: off.assigned() && offset >= 0 && unsigned(offset) < size(), at js/src/jit/shared/IonAssemblerBuffer.h:379
|
Core
|
JavaScript Engine
|
lhansen
|
RESO
|
FIXE
|
2018-08-28
|
| 1454126
|
|
crash at null in [@ nsMappedAttributes::GetAttr]
|
Core
|
DOM: Editor
|
masayuki
|
RESO
|
FIXE
|
2019-05-24
|
| 1454359
|
|
Cherry-pick more upstream FreeType oss-fuzz fixes
|
Core
|
Graphics: Text
|
ryanvm
|
RESO
|
FIXE
|
2018-08-28
|
| 1367727
|
|
Crash in js::gc::AtomMarkingRuntime::markAtom
|
Core
|
JavaScript Engine
|
tcampbell
|
RESO
|
FIXE
|
2018-08-28
|
| 1452417
|
|
Crash in nsCOMPtr<T>::nsCOMPtr<T> | nsHostResolver::DetachCallback
|
Core
|
Networking: DNS
|
valentin.gosu
|
RESO
|
FIXE
|
2018-08-28
|
| 1436759
|
|
Intermittent SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/media/mtransport/sigslot.h:2007:11 in sigslot::_connection4<mozilla::TransportLayerIce, mozilla::NrIceMediaStream*, int, unsigned char const*, int, sigslot::si
|
Core
|
WebRTC
|
mfroman
|
RESO
|
FIXE
|
2020-02-28
|
| 1449358
|
|
Latent heap corruption on allocator mismatch in nsAuthSambaNTLM::GetNextToken()
|
Core
|
Networking: HTTP
|
alex.gaynor
|
RESO
|
FIXE
|
2024-05-30
|
| 1445234
|
|
IPC: crash [@get_gtk_cursor]
|
Core
|
DOM: Content Process
|
alex.gaynor
|
RESO
|
FIXE
|
2019-05-24
|
| 1448612
|
|
Double free in nsStreamLoader (presumably because of FetchConsumer stuff).
|
Core
|
DOM: Workers
|
emilio
|
RESO
|
FIXE
|
2018-08-28
|
| 1432323
|
|
UBSan: member access within address 0x6030002a4d80 which does not point to an object of type 'nsCOMArrayEnumerator' in /xpcom/ds/nsArrayEnumerator.cpp:197
|
Core
|
XPCOM
|
ericrahm+bz
|
RESO
|
FIXE
|
2018-11-05
|
| 1439723
|
|
Nullable::SetValue leads to footguns in the animation code
|
Core
|
DOM: Animation
|
froydnj+bz
|
RESO
|
FIXE
|
2018-11-05
|
| 1440465
|
|
uninitialized memory accesses in AutoPointerEventTargetUpdater
|
Core
|
Layout
|
froydnj+bz
|
RESO
|
FIXE
|
2018-08-28
|
| 1438827
|
|
Assertion failures while tracing ARM assembler: data >> 28 != 0xf
|
Core
|
JavaScript Engine: J
|
jcoppeard
|
RESO
|
FIXE
|
2018-11-05
|
| 1448771
|
|
Buffer overflow in hyphen (not the same as 1390550)
|
Core
|
Layout: Text and Fon
|
jfkthame
|
RESO
|
FIXE
|
2018-11-05
|
| 1453653
|
|
Cherry-pick an upstream FreeType integer overflow fix
|
Core
|
Graphics: Text
|
ryanvm
|
RESO
|
FIXE
|
2018-08-28
|
| 1449530
|
|
IPC: global-buffer-overflow crash with PDocAccessible::Msg_StateChangeEvent [@FireStateChangeEvent]
|
Core
|
Disability Access AP
|
surkov.alexander
|
RESO
|
FIXE
|
2019-05-24
|
| 1447989
|
|
Crash [@ js::ReportMagicWordFailure] or Crash [@ js::ConstraintTypeSet::addType] with GC
|
Core
|
JavaScript Engine
|
jdemooij
|
VERI
|
FIXE
|
2023-12-06
|