Bug 1917475 Comment 6 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

> I'm not sure exactly what qualifies for a CVE. Dan, can you help?

We'd need more evidence this is actually a vulnerability and not an unexploitable access violation. In the browser we give hypothetical attackers a giant benefit of the doubt because the ability to run scripts inside the application gives an attacker the ability to "groom" memory and time the triggering of the vulnerability.

> I'm not sure exactly what qualifies for a CVE. Dan, can you help?

We'd need more evidence this is actually a vulnerability and not an unexploitable access violation. In the browser we give hypothetical attackers a giant benefit of the doubt because the ability to run scripts inside the application gives an attacker the ability to "groom" memory and time the triggering of the vulnerability. On top of that, there are millions of potential victims for browser bugs, not tens of CI environments running this tool.
