| 1204310
|
|
My login window does not accepts special characters
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1318652
|
|
automatic contextual container based on domain (or regex)
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1408820
|
|
Security: I want an option to disable non-active tabs from making web requests (or continuing socket communication)
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1534581
|
|
Exposed chrome:// resources allow browser version, OS, and locale detection
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 344945
|
|
Restrict ajax/javascript scope to DOM element.
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 409362
|
|
Browser hangs when accessing a https website with a security certificate.
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2024-07-08
|
| 453025
|
|
security devices only loaded on application start
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 461571
|
|
###!!! ASSERTION: Could not find EV root in NSS storage: 'entry.cert', file /home/mmokrejs/proj/comm-central/mozilla/security/manager/ssl/src/nsIdentityChecking.cpp, line 753
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2023-12-11
|
| 461630
|
|
equivocal PKCS#11 token identification
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 487786
|
|
When typing in a password input field, no other element on the page should steal focus
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 494578
|
|
cross-site ajax detection not understanding domain equality fully
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 500312
|
|
ssl_error_bad_cert_domain when using SSL to check IMAP mail on Seamonkey 2.0b1 nightly
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 548925
|
|
should have about:config booleans to disable basic/digest/ntlm/... authentication
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2024-04-17
|
| 561941
|
|
No way to disable built-in root certificates.
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 582184
|
|
Enforce HTTPS for sites that use secure as a subdomain (keywords: IsLikelyHTTPS, secure subdomains, SSLock)
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 635652
|
|
User interface issues when importing a certificate bundle
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 687419
|
|
aboutCertError.xhtml should be part of the xulrunner package
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 695043
|
|
[FEATURE] need certDB.exportPKCS12File() with password parameter
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2023-09-21
|
| 731643
|
|
When navigating to a secured page FireFox receives an ajax response from previously loaded page.
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 741403
|
|
Error importing X509 certificates
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 773111
|
|
unable to import pkcs12 key pair that is not password protected
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 850699
|
|
Uncaught exception when "Load denied by X-Frame-Options" error is thrown
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 851422
|
|
Not able to 'Add Security Exception' as button is greyed out
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 884521
|
|
Possible Exploitable Crash
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2024-05-30
|
| 891629
|
|
Blocking storage of HSTS data for third-party domains (when requested)
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 895545
|
|
Cannot log add self-signed certificates when changed in same IP
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 898271
|
|
Save a minimum of a fingerprint and expiration information of SSL certificates
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 903424
|
|
Content Security Policy doesn't check existence of aChannel.referrer
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 908165
|
|
Bad (uninformative) error on failed certificate import
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 913787
|
|
OCSP servers DNS names should only be looked up as FQDN
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 914724
|
|
JSONP HTTPS requests accept and execute a redirected HTTP response
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 922397
|
|
"Confirm Security Exception" button greyed out
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 935639
|
|
PKCS#11: Firefox does not correctly support CKA_ALWAYS_AUTHENTICATE when CKF_PROTECTED_AUTHENTICATION_PATH is set
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 940238
|
|
I'm using Athena/Aladdin PKCS11 for identification on a webpage with certificate (key usage=anything, imported root CA). Security device module is loaded and certificate logged in. But choosing certificate window does not popup
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 948414
|
|
Firewall of private data
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 960973
|
|
confirmPostToInsecureFromSecure fires even when a GET <form> is submitted
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 967716
|
|
representation wrong of 'LoadingMixedContent' warning in the Web Console
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 1020081
|
|
Firefox does not allow users to add certificate exceptions for stapled ocsp responses
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1023736
|
|
SSL Client Authentication dialog (certificate selection) - not all eligible client certificates are displayed when the certificates have identical nicknames and different subjects
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1025708
|
|
Unable to add security exception when using a self-signed CA
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1080601
|
|
"Add security exception" dialog connects to wrong IP while retrieving certificate
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1109722
|
|
SSL Cert of script tag host being used to verify main site. (Connection is Untrusted)
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1160523
|
|
please, make protection against Clickjacking -- by default
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1176752
|
|
Allow 3rd Party Security provider to integrate with Firefox for protection
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1199436
|
|
Frame contents not shown, no useful message why
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1200566
|
|
Content Security Policy in Web Worker
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1217566
|
|
Enhance untrusted connection pages with basic troubleshooting tips
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1235291
|
|
DLLs in download folder security hole
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1245348
|
|
Firefox doesn't try to connect with HTTPS if the hostname is entered without a protocol
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1400648
|
|
history overflow causes a total full crash and freeze the instance by crappy script redirection loop
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1450774
|
|
Blank tabs are left when DuckDuckGo !bangs result in a new container tab
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1489412
|
|
Excluding moz-extension:// pages in browser history for private window
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1489502
|
|
Custom Container Tab Categories get lost after Downgrading Firefox
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1516054
|
|
iframe sandbox:allow-scripts warn security issue
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1621276
|
|
Multi-Account containers should have a mode that works like the Facebook Container extension
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2024-06-07
|
| 1839402
|
|
Clickjacking protection for the filepicker window
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2024-06-02
|
| 1890701
|
|
(Security hardening) WebSockets or XMLHttpRequests to any local network addresses or localhost addresses from a non-local website should require a permission
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2024-04-10
|
| 493857
|
|
Implement Content Security Policy
|
Core
|
Security
|
nobody
|
NEW
|
---
|
Wed 00:46
|
| 1853722
|
|
Date.now() is 3.3x slower in Firefox than Chrome (related to ReduceTimerPrecision)
|
Core
|
Security
|
tschuster
|
NEW
|
---
|
2023-11-13
|
| 1273058
|
|
mContentViewer should be null when setting origin attributes on docshell
|
Core
|
Security
|
amarchesini
|
NEW
|
---
|
2022-10-11
|
| 1579703
|
|
Unable to Download Attachments from ProtonMail
|
Core
|
Security
|
dlee
|
NEW
|
---
|
2022-10-11
|
| 38933
|
|
Warn before using foreign authentication/cookies/POST data
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-17
|
| 40132
|
|
Cached authentication credentials can be used by third-party content using redirects
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 36484
|
|
Don't hit any server other than the main one
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 49864
|
|
'submitting insecure info' popup inconsistent
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 424485
|
|
Write tests for bug 418356
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 815321
|
|
[meta] Master Bug for Mixed Content Blocker
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-07-10
|
| 939642
|
|
Intermittent test_iframe_sandbox_popups_inheritance.html | Test timed out (and more)
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-08-07
|
| 1197283
|
|
[META] Audit the Desktop-only callsites for situations where we need to consider userContextId
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1213290
|
|
Enable "usercontext" on bookmarks
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-09-06
|
| 1257456
|
|
tests for restore into existing tab with correct userContextId
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1359928
|
|
Created hardened gcc and clang builds
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1369429
|
|
"Learn more" on SEC_ERROR_OCSP_FUTURE_RESPONSE page doesn't work
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1372103
|
|
viewing caches from differnt container in about:cache
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-01-17
|
| 1392090
|
|
<noscript> html tags are not rendered if the Content-Security-Policy "script-src" is set to 'none'
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1396925
|
|
Support for must-staple missing in certificate details dialogue
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1420809
|
|
Permissions that are perpetually denied should not return Reject immediately
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1450398
|
|
[meta] Resist Fingerprinting Mode should allow finer control of applicability
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-06-29
|
| 1470264
|
|
Resolve CFI icall errors
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-04-03
|
| 1482140
|
|
CFI icall: undefined symbol: __ubsan_handle_cfi_check_fail
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-04-03
|
| 1521443
|
|
*any* new tab created while in a container tab should be in that container
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1521986
|
|
Odd behavior when using two container add-ons to automatically open domains in specific containers
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1630087
|
|
Replace HttpChannelSecurityWarningReporter with nsIConsoleReportCollector
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2020-08-18
|
| 1638554
|
|
ContextualIdentityService.closeContainerTabs fails if there is an unloaded tab
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-05-28
|
| 1639657
|
|
cargo audit reports RUSTSEC-2020-0004 issue with lucet-runtime-internals
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2020-06-03
|
| 117222
|
|
Limit Scope of Session Cookies (new tabs and windows)
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-27
|
| 1244710
|
|
Intermittent e10s test_unsecurePicture.html | application timed out after 330 seconds with no output
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1253006
|
|
compartmentalize the HSTS cache via containers
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1254915
|
|
Implement COWL
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-04-20
|
| 1263213
|
|
Intermittent docshell/test/navigation/test_reserved.html | Should not be able to navigate off-domain parent by {calling window.open|submitting form|targeted hyperlink|setting location}
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-02-27
|
| 1368686
|
|
User Identification Request dialog is cropped on nondefault DPI display
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1371877
|
|
Automated test to look for memory pages that violate W^X
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1399374
|
|
Intermittent browser/components/resistfingerprinting/test/browser/browser_roundedWindow_windowSetting_mid.js | Test timed out -
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1400131
|
|
Intermittent browser/components/resistfingerprinting/test/mochitest/test_bug863246_resource_uri.html | Test timed out.
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1426232
|
|
Consider a Timezone Permission for Resist Fingerprinting
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-05-28
|
| 1518179
|
|
Intermittent browser/components/resistfingerprinting/test/browser/browser_spoofing_keyboard_event.js | Test timed out -
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-05-19
|
| 1865404
|
|
Add ability to filter the container list
|
Core
|
Security
|
contact
|
NEW
|
---
|
2023-11-17
|
| 93787
|
|
allow security.checkloadURI exceptions via paired URL-filesystem expressions
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 123152
|
|
Downloaded executable may be automatically run by Stuffit
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 125704
|
|
[RFE] Allow more general entries in policy site lists
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 132279
|
|
JS alert dialogs have no title in OS X
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 136106
|
|
mozilla should warn users before transmitting username and password unencrypted
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 142155
|
|
CSS from a file: url, linked by HTML from a chrome: url is blocked
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 145421
|
|
following file: links and including file: resources should be allowed in local documents with non-file: base href URL
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-17
|
| 147866
|
|
[META] More flexible policy for embedded content
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 163221
|
|
javaScriptValidateLogin();
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 201903
|
|
Security denies document.load("data: protocol")
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 230134
|
|
css background url allows execution of javascript and allows opening of other non-graphic URIs
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 244805
|
|
Windows Application Verifier warnings and errors
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 370113
|
|
Use nsIPrincipal APIs instead of CheckSameOriginPrincipal
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 395625
|
|
Too many error messages for local file XHR reading directory listing
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 399301
|
|
Old annoying-content prefs (set using Firefox<1.0) still halt script execution
|
Core
|
Security
|
dveditz
|
NEW
|
---
|
2022-10-10
|
| 737451
|
|
enhance updateFromStream in crypto hashing to support 64-bit sized input
|
Core
|
Security
|
m_kato
|
NEW
|
---
|
2022-10-10
|
| 119207
|
|
Need an ability to restrict user to change preferences
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-02-11
|
| 153950
|
|
chroot and spawn execution
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 166753
|
|
Keyboard-only users have no entropy
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 183987
|
|
Assertions when modifying document in iframe
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 224055
|
|
irc.fptchat.com:23 is a Vietnamese irc server and it has no alternate ports
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 233262
|
|
Mozilla is vulnerable to gzip bombs
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-12-12
|
| 249759
|
|
langley.mozilla.org - comprehensive pre-lease security check system
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 268974
|
|
PKCS11 handling -- token slot name strings empty
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 286651
|
|
Strip privilege from chrome loaded in a browser/content window
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 299116
|
|
treat mailto: links as popups (don't open except by explicit user action)
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 344890
|
|
<img src="javascript:alert(...);"> gives "Permission denied to get property Window.alert"
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 363142
|
|
Replace delay in security dialogs with something else
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 371923
|
|
Show a warning when a user tries to bookmark a javascript: url
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 421224
|
|
Give content policies an official way to change the URI
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 431782
|
|
HTTP redirects can bypass content policies
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 432532
|
|
Permission manager should check URI scheme for extension install
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 443689
|
|
In <browser.xml>, "this.docShell is null" (catched) exception in |securityUI| getter
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 581625
|
|
When Internet Connection is Disabled, Ignore OCSP
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 585161
|
|
Get rid of hashtables in nsPrincipal
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 627105
|
|
Make the ability to add bugs to the security group easier to get
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 644376
|
|
Implement back-end validating DNSSEC signatures
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-11-16
|
| 663566
|
|
[meta] Implement Content Security Policy 1.0 per the W3C standard
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 664638
|
|
Build and maintain a comprehensive list of every detectable hostname on the internet
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 680018
|
|
rapt explorer with console and throw antiflooding bypass
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 701774
|
|
Need the ability to define that a subdirectory constitutes a website
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 716242
|
|
setCanEnablePrivilege throws uncatchable exception
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 746616
|
|
Plain Old Favorites add-on dll does not have ASLR enabled
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 752551
|
|
iframe sandbox's sandbox automatic features flag should block autoplay of video and autofocus and possibly meta refresh
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 752563
|
|
iframe sandbox worker tests need a test for cross-domain blob objects
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 754450
|
|
Firefox not accepting override for self-signed certificate on odd port
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 760854
|
|
wrong security indicator appears after a session restore
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 768664
|
|
log attempts to do things (e.g. run scripts) disallowed by HTML5 sandbox that would otherwise be ignored
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 776071
|
|
Signatures of already-installed addons are not checked during loading in a secure way
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 787296
|
|
Kill all web access to screen/chrome metrics and theme information
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 806034
|
|
[meta] Bugs that reveal address space layout (ASLR bypasses)
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 839235
|
|
shouldLoad called twice for Content Policies
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 898217
|
|
nsSSLStatus::GetIsExtendedValidation is giving an error from the plugin-container process
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 899099
|
|
Create a method that can be shared across different components to validate if a URI is secure
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 904807
|
|
Permission denied to create wrapper for object of class UnnamedClass
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 908046
|
|
Turn off SSLKEYLOGFILE logging as default
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-06-15
|
| 931107
|
|
ShouldLoad inconsistency of aRequestingLocation between images and fonts requested from css files
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 967210
|
|
Implement finer-grained (per-domain) control over enabled ciphers
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 983415
|
|
Use procmon to see if we need to allow any filesystem or registry access
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 993519
|
|
nsIContentSecurityPolicy shows up in the cycle collector graphs
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1006868
|
|
[meta] Revamp Gecko Security Hooks
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1006881
|
|
[meta] Call Content Policies after a channel is created
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1052575
|
|
[meta] store content-controlled buffers in a separate heap
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-09-19
|
| 1061925
|
|
looping mailto link can cause an out of memory condition
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1066857
|
|
Security Review: EME plugins
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1085807
|
|
nsDataDocumentContentPolicy should use a whitelist instead of a blacklist
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1096777
|
|
Properly handle JWK keys that have "oth" populated
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1107594
|
|
Remove change to Chromium code to define _xgetbv for pre VS2010 SP1.
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1119555
|
|
Throw away leftover HTTP data for HSTS sites
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1126831
|
|
Comodo free email certificate, intermediate certificate "Could not verify this certificate for unknown reasons"
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1150353
|
|
SHA-1 warnings in web console should mention server name that has SHA-1 leaf/intermediate
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1191418
|
|
[META] Contextual Identity / Containers Bugs
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-06-25
|
| 1196703
|
|
Cisco H.264 plugin should be protected by stronger signature
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1203887
|
|
would be nice to have an ocsp-fail.example.com for use in mochitests in our test suite
|
Core
|
Security
|
nobody
|
NEW
|
---
|
Fri 07:23
|
| 1204538
|
|
Add an EV root for TLS tests in mochitest
|
Core
|
Security
|
nobody
|
NEW
|
---
|
Fri 07:23
|
| 1218778
|
|
Sniffly: a timing attack on HSTS to steal user's history
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-03-02
|
| 1223624
|
|
IsURIPotentiallyTrustworthy should check nesting and wss
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1247975
|
|
Provide a pref for switching off non-encrypted HTTP support
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1269050
|
|
Make the "is Secure Context" code more robust by using HTTPS state
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1409165
|
|
github project board doesn't load
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1430257
|
|
[meta] Stop treating nested URIs as same-origin with their innermost URI
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1434660
|
|
Automated test for updater cert pinning
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1465863
|
|
Protect dynamically resolved cross-DSO calls
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-01-22
|
| 1468382
|
|
Remove -fsanitize-cfi-icall-generalize-pointers
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-01-22
|
| 1567628
|
|
Consider if/how general.config.filename can be locked down
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1663987
|
|
Site Isolation enables timing attacks against partitioning across simultaneously open tabs
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-03-14
|
| 1671152
|
|
Investigate enabling pointer authentication on ARMv8.3
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-06-25
|
| 1694705
|
|
the new "HTTPS-only" affect IP address when it has no response
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2021-03-08
|
| 1707649
|
|
Update "Security Bug Approval Process" documentation to mention the importance of closing security bugs
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-02-27
|
| 1711619
|
|
Consider renaming privacy.resistFingerprinting.exemptedDomains
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-02-17
|
| 1712580
|
|
Intelligently handle file: origins w.r.t. Spectre
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-03-07
|
| 1725042
|
|
Update RFP tests to set the prefs inside the test task
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2021-08-10
|
| 1728122
|
|
Remove about:sync exemptions to JS Load Restrictions and CSP Assertions
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2021-08-30
|
| 1732864
|
|
Numerical boundary causes problems with AWS firewall
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2021-10-01
|
| 1756759
|
|
Integrating selfrando into FIrefox
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-02-23
|
| 1774128
|
|
Provide a way to fetch container names from the outside
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-10-30
|
| 1806732
|
|
contextualidentity tab indicator is hidden when screensharing
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-01-03
|
| 1818248
|
|
Update JS callers that call directly checking "privacy.resistFingerprinting" pref
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-06-10
|
| 1823065
|
|
ContextualIdentity API: Add ability to assign sites to a container
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-12-03
|
| 1824390
|
|
Cut over all RFP callers to per-target RFP
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-06-10
|
| 1846772
|
|
Address SandboxPrivate ShouldRFP
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-08-11
|
| 1848287
|
|
Address ShadowRealmGlobalScope ShouldRFP
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2023-08-26
|
| 1905013
|
|
Test _FORTIFY_SOURCE=3
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-07-02
|
| 1762919
|
|
Make dropped frame statistics more realistic
|
Core
|
Security
|
jmuizelaar
|
ASSI
|
---
|
2023-12-21
|
| 303885
|
|
after changing the character-encoding, access to JavaScript functions is blocked
|
Core
|
Security
|
dveditz
|
ASSI
|
---
|
2022-10-10
|
| 1371906
|
|
Intermittent browser/components/resistfingerprinting/test/mochitest/test_reduce_time_precision.html | application timed out after 330/370 seconds with no output
|
Core
|
Security
|
tom
|
REOP
|
---
|
2022-10-11
|
| 1570812
|
|
Intermittent browser/components/resistfingerprinting/test/browser/browser_dynamical_window_rounding.js | Test timed out -
|
Core
|
Security
|
tihuang
|
REOP
|
---
|
2023-11-06
|