Mon Sep 30 2024 04:43:18 PDT
  • Bug ID: 1808352, 1811637, 1815904, 1817442, 1818674
ID Type Summary Product Comp Assignee Status Resolution Updated
1808352 Crash in [@ mozilla::dom::Element::ClassList] on JS_SWEPT_TENURED_PATTERN poison values Core JavaScript Engine: J jdemooij RESO FIXE 2023-10-24
1811637 Use-after-free crash in [@ g_type_check_instance_cast] Core Widget: Gtk stransky RESO FIXE 2023-10-17
1815904 Crash in [@ nsStringBuffer::AddRef] on poison value from QuotaManager::QuotaManager during shutdown Core Storage: Quota Manag jstutte RESO FIXE 2023-10-17
1817442 AddressSanitizer: negative-size-param: (size=-1956016352) [@ __asan_memcpy] Core Graphics: Canvas2D lsalzman VERI FIXE 2023-12-06
1818674 fix a multiply in gfx/2d/DataSurfaceHelpers.cpp that can overflow signed int32 Core Graphics: Canvas2D tnikkel RESO FIXE 2023-10-17
5 bugs found.
REST | CSV | Feed | iCalendar
Change Columns 		Edit Search
as

File a new bug in the "Core" product