| 1452576 | Crash [@ get] with StructuredCloneHolder ending up in [@ mozilla::dom::ImageBitmap::CreateFromCloneData] although DifferentProcess | Core | DOM: Core & HTML | amarchesini | RESO | FIXE | 2021-10-06 |
| 1458048 | Likely write beyond bounds in sctp_load_addresses_from_init() | Core | WebRTC: Networking | dminor | RESO | FIXE | 2024-05-30 |
| 1464063 | [LibFuzzer] SDP: global-buffer-overflow [@sdp_getchoosetok] | Core | WebRTC: Signaling | drno | RESO | FIXE | 2019-08-07 |
| 1450688 | Crash [@ JS::GetRealmPrivate(JS::Realm*)] | Core | XBL | kmaglione+bmo | RESO | FIXE | 2019-08-07 |
| 1464829 | Possible OOB read from RInstructionResults. | Core | JavaScript Engine: J | nicolas.b.pierron | RESO | FIXE | 2019-08-07 |
| 1442722 | Assertion failure: point.canPeek(), at js/src/vm/StructuredClone.cpp:648 or various crashes with invalid free | Core | JavaScript Engine | sphink | RESO | FIXE | 2021-10-06 |
| 1456975 | Segfault - buffer overflow / arbitrary memory read in IPC due to unvalidated field in nsMozIconURI deserialization | Core | Networking | valentin.gosu | RESO | FIXE | 2021-11-18 |
| 1451297 | IPC: crash with PImageBridge::Msg_PTextureConstructor [@I422ToARGBRow_Any_AVX2] | Core | Graphics | aosmond | RESO | FIXE | 2019-08-07 |
| 1458264 | ASan use-after-free in angle::LoadToNative3To4 | Core | Graphics | jgilbert | RESO | FIXE | 2019-08-07 |
| 1392739 | IPC: wild-addr-read in various messages [@CharAt] | Core | Networking | valentin.gosu | RESO | FIXE | 2021-11-18 |
| 1458270 | ASan use-after-free in GfxInfo::GetFeatureStatus | Core | Graphics | away | RESO | FIXE | 2019-08-07 |
| 1456189 | AddressSanitizer: bad-free deserializing JSStructuredCloneData | Core | IPC | alex.gaynor | RESO | FIXE | 2021-11-18 |
| 1464079 | AddressSanitizer: heap-use-after-free [@ ~lock_block] with READ of size 8 | Core | WebRTC | docfaraday | RESO | FIXE | 2020-02-28 |
| 1465898 | Heap-buffer-underflow READ 8 from HalParent::RecvEnableSwitchNotifications | Core | Hardware Abstraction | gsvelto | RESO | FIXE | 2021-11-18 |
| 1465108 | Uplift some compacting GC changes which landed in bug 1457703 | Core | JavaScript: GC | jcoppeard | RESO | FIXE | 2019-08-07 |
| 1463494 | Crash in nsTArray_Impl<T>::Clear \| GeckoAppShellSupport::OnSensorChanged | Core Graveyard | Widget: Android | rjesup | RESO | FIXE | 2021-11-04 |
| 1437842 | Crash [@ ??] with GC and TypedArray constructors | Core | JavaScript Engine | mgaudet | VERI | FIXE | 2023-12-06 |