Thu Jul 18 2024 00:06:59 PDT
  • Keywords: csectype-framepoisoning
122 bugs found.
ID Type Summary Product Comp Assignee Status Resolution Updated
1479897 use-after-poison in [@ AutoWeakFrame::Init] Core Layout nobody NEW --- 2022-10-11
1535187 Investigate whether 1486521.html is still crashing Android verify build Core Layout nobody NEW --- 2022-10-11
526587 [meta] Crashes at the Poison Frame address Core Layout nobody NEW --- 2022-10-10
1703999 use-after-poison in [@ nsFloatManager::GetFlowArea] Core Layout: Floats nobody NEW --- 2023-06-08
1708079 use-after-poison in [@ nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval] Core Layout nobody NEW --- 2021-08-17
1747992 use-after-poison in nsIFrame::StyleDisplay Core Layout: Columns nobody NEW --- 2022-02-03
1772592 AddressSanitizer: use-after-poison [@ nsBlockInFlowLineIterator::nsBlockInFlowLineIterator] with READ of size 8 Core Disability Access AP nobody NEW --- 2022-09-13
1805326 use-after-poison in [@ nsOverflowContinuationTracker::EndFinish] Core Layout nobody NEW --- 2023-08-30
1640028 use-after-poison in [@ nsFlexContainerFrame::ReflowChildren] Core Layout: Flexbox aethanyc RESO FIXE 2020-06-08
1879862 Crash in [@ nsPresContext::GetPresShell], 124.0a1 regression involving mouse movement Core DOM: Events masayuki RESO FIXE 2024-02-16
1380749 Use-after-poison in GetPrevSibling [@/home/worker/workspace/build/src/layout/generic/nsIFrame.h:1624:45] Core Layout MatsPalmgren_bugz RESO FIXE 2018-11-05
1418997 AddressSanitizer: use-after-poison [@ IsFrameModified] with READ of size 2 Core Web Painting matt.woodrow RESO FIXE 2020-02-28
1751965 use-after-poison in [@ mozilla::RDL::ClearPreviousItems] Core Web Painting mikokm RESO FIXE 2022-01-29
1645718 use-after-poison in [@ nsContainerFrame::NormalizeChildLists] Core Layout aethanyc RESO DUPL 2023-05-22
1361596 Coverity report: nsSVGPatternFrame::​nsSVGPatternFrame(nsStyleContext *): A pointer field is not initialized in the constructor Core SVG emilio RESO FIXE 2018-02-01
1404324 stylo: AddressSanitizer: use-after-poison [@ HasView] with READ of size 8 Core CSS Parsing and Comp emilio RESO FIXE 2020-02-28
1419762 AddressSanitizer: use-after-poison [@ Hdr] with READ of size 8 Core Layout: Block and In emilio RESO FIXE 2020-02-28
1489323 AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:296:27 in get Core Layout: Block and In emilio RESO DUPL 2023-01-16
1382213 Use-after-poison in [@nsLayoutUtils::GetFloatContainingBlock(nsIFrame*)] Core Layout MatsPalmgren_bugz RESO FIXE 2018-11-05
1663222 use-after-poison in [@ nsBlockFrame::ReflowBlockFrame] Core Layout: Columns MatsPalmgren_bugz RESO FIXE 2021-11-22
1439938 AddressSanitizer: use-after-poison [@ get] with READ of size 8 Core Web Painting nobody RESO WORK 2020-01-09
1506157 AddressSanitizer: use-after-poison [@ Type] with READ of size 1 Core Layout nobody RESO WORK 2020-01-09
1506717 AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsQueryFrame.h:114:45 in operator nsIScrollableFrame *<nsIScrollableFrame> Core Layout: Columns nobody RESO WORK 2020-01-09
1506720 AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/base/nsCSSFrameConstructor.cpp:7912:33 in nsCSSFrameConstructor::ContentRemoved(nsIContent*, nsIContent*, nsCSSFrameConstructor::RemoveFlags) Core Layout: Columns nobody RESO WORK 2020-01-09
1507269 AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:307:27 in get Core Layout: Columns nobody RESO WORK 2020-01-09
1516737 use-after-poison in [@ nsLayoutUtils::IsProperAncestorFrame] Core Layout: Columns nobody RESO DUPL 2019-01-17
1809492 Crash in [@ nsCOMPtr<T>::nsCOMPtr | nsTreeBodyFrame::GetExistingView] Core Layout tnikkel RESO FIXE 2023-10-02
1401420 AddressSanitizer: use-after-poison [@ GetNextSibling] with READ of size 8 in layout/generic/nsIFrame.h:1431:45 Core Layout xidorn+moz RESO FIXE 2020-02-28
1566672 use-after-poison in [@ nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval] Core Layout: Columns aethanyc RESO FIXE 2019-07-24
1404753 stylo: AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsIFrame.h:1997:46 in GetStateBits Core CSS Parsing and Comp emilio RESO DUPL 2020-08-08
1538758 Potential Use After Free in layout code need help verifying Core Layout emilio RESO FIXE 2024-05-30
1209952 Use-after-poison in nsFloatManager::GetFlowArea (with floats, multicol, and huge width) Core Layout MatsPalmgren_bugz RESO FIXE 2022-06-28
1491718 use-after-poison in [@ SetListItemOrdinal] Core Layout MatsPalmgren_bugz RESO FIXE 2019-07-16
1539017 use-after-poison in [@ nsIFrame::GetDepthInFrameTree] Core Layout: Columns MatsPalmgren_bugz RESO FIXE 2019-04-01
1600207 use-after-poison in [@ mozilla::ReflowInput::ReflowInput] Core Layout: Form Control MatsPalmgren_bugz RESO FIXE 2022-01-10
1366654 AddressSanitizer: use-after-poison in [@CalcDifference] with READ of size 1 Core Layout nobody RESO FIXE 2020-02-28
1404751 AddressSanitizer: use-after-poison in [@get] Core Layout: Block and In nobody RESO WORK 2020-01-09
1499413 AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsIFrame.h:1641:45 in GetNextSibling Core Layout nobody RESO WORK 2023-06-25
1516606 AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsIFrame.h:1961:46 in GetStateBits Core Layout: Columns nobody RESO DUPL 2019-02-13
1571239 use-after-poison in [@ mozilla::SVGObserverUtils::InvalidateRenderingObservers] Core Layout: Columns nobody RESO DUPL 2019-08-26
1571598 use-after-poison in [@ nsLineLayout::VerticalAlignFrames] Core Layout: Columns nobody RESO DUPL 2019-08-26
1539303 AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsQueryFrame.h:119:45 in operator nsIScrollableFrame *<nsIScrollableFrame> Core Layout nobody RESO DUPL 2023-10-23
1556289 use-after-poison in [@ RemoveFirstLine] Core Layout: Columns nobody RESO WORK 2019-08-27
1277908 Use-after-poison in NS_NewStyleContext (with animation) Core CSS Parsing and Comp brian RESO FIXE 2016-11-21
1421420 GetGridFrameWithComputedInfo probably needs to be more careful about data being destroyed across its shell->FlushPendingNotifications call Core Layout bwerth RESO FIXE 2018-11-05
1072130 Use-after-poison [@ mozilla::FontFamilyList::FontFamilyList] with unicode-bidi: bidi-override Core CSS Parsing and Comp cam RESO FIXE 2016-06-04
1182496 AddressSanitizer: use-after-poison GetParent, layout/generic/nsFrame.cpp:5573 Core SVG cam RESO FIXE 2024-05-30
1340593 use-after-poison in nsStylePadding::GetPadding Core CSS Parsing and Comp dbaron RESO FIXE 2017-02-28
1361749 Initialize a bunch of variables that are left uninitialized on construction after bug 1316556 Core Layout emilio RESO FIXE 2018-07-06
1677194 ASAN error, use-after-poison, nsTreeBodyFrame::RowCountChanged(int, int) Core Layout ishikawa RESO FIXE 2021-11-22
856262 Crash [@ mozilla::FrameLayerBuilder::GetDedicatedLayer] with <applet>, mutation event Core Graveyard Plug-ins john RESO WORK 2022-05-16
1361509 coverity report: Non-static class member "mSource" is not initialized in this constructor nor in any functions that it calls. Core SVG longsonr RESO FIXE 2018-02-01
1716644 use-after-poison in [@ InvalidateRenderingObservers] Core Layout longsonr RESO FIXE 2023-09-02
1742734 use-after-poison [@ nsCaret::GetGeometryForFrame] Core DOM: Selection masayuki RESO WORK 2023-06-26
824643 heap-use-after-free in nsTreeBodyFrame::UpdateScrollbars Core XUL MatsPalmgren_bugz RESO FIXE 2017-05-09
842166 crash [@ mozilla::ScrollbarActivity::CancelActivityFinishedTimer() ] in destroyed frame Core Layout MatsPalmgren_bugz RESO FIXE 2024-05-30
849603 Crash [@ nsOverflowContinuationTracker::Insert] with CSS columns Core Layout: Block and In MatsPalmgren_bugz RESO FIXE 2013-03-16
862185 Use-after-poison with -moz-column, fieldset Core Layout MatsPalmgren_bugz RESO FIXE 2014-10-24
863935 Use-after-poison in nsFrameList::UnhookFrameFromSiblings with moz-column Core Layout: Block and In MatsPalmgren_bugz RESO FIXE 2014-10-24
881090 use-after-poison in nsFrameList::FirstChild() Core Layout MatsPalmgren_bugz RESO DUPL 2024-05-30
947158 Use-after-poison in nsLineLayout::RelativePositionFrames Core Layout MatsPalmgren_bugz RESO FIXE 2024-05-30
1095788 Crash [@ nsIFrame::IsBoxFrame] in print / print preview of dailydot.com articles Core Layout MatsPalmgren_bugz RESO WORK 2015-03-08
1278080 AddressSanitizer: use-after-poison [@ TopLeft] with READ of size 4 Core Layout MatsPalmgren_bugz RESO FIXE 2020-02-28
1281102 use-after-poison in nsCellMapColumnIterator::GetNextFrame Core Layout: Tables MatsPalmgren_bugz RESO FIXE 2024-05-30
1403117 use-after-poison in nsLayoutUtils::GetFloatContainingBlock Core Layout MatsPalmgren_bugz RESO DUPL 2020-08-08
1427748 AddressSanitizer: use-after-poison [@ SetFrameIsModified] with READ of size 2 Core Web Painting MatsPalmgren_bugz RESO FIXE 2020-02-28
1429227 AddressSanitizer: use-after-poison SetFrameIsModified nsIFrame.h:4129:69 Core Layout MatsPalmgren_bugz RESO FIXE 2020-02-28
1600637 Assertion failure: mFrames.FirstChild() && mFrames.FirstChild()->GetContentInsertionFrame()->IsLegendFrame() | Crash [@ mozilla::ReflowInput::ReflowInput ] Core Layout: Form Control MatsPalmgren_bugz RESO DUPL 2020-01-13
850672 use-after-poison with tables, -moz-perspective and transform [@ OverflowChangedTracker::Flush] Core Layout matt.woodrow RESO FIXE 2024-05-30
1459670 use-after-poison in [@ AnyContentAncestorModified] Core Web Painting matt.woodrow RESO FIXE 2018-06-05
1344288 use-after-poison in [@ nsCellMapColumnIterator::GetNextFrame] Core Layout: Tables neerjapancholi RESO DUPL 2020-08-08
1344429 use-after-poison in [@ GetRowSpanForNewCell] Core Layout: Tables neerjapancholi RESO DUPL 2020-08-08
1344808 use-after-poison in [@ nsTableFrame::GetEffectiveColSpan] Core Layout: Tables neerjapancholi RESO DUPL 2020-08-08
833604 UAF with transform and fixed position Core Layout: Block and In nils RESO DUPL 2024-05-30
785710 rendering SVG cause EXCEPTION_ACCESS_VIOLATION_READ with addon NoScript Core SVG nobody RESO FIXE 2024-05-30
1155060 use-after-poison at StyleDisplay Core Layout: Floats nobody RESO DUPL 2023-05-22
1232881 Crash [@ nsTableFrame::FixupPositionedTableParts] with vertical-rl, padding, transition-delay Core Layout: Tables nobody RESO WORK 2022-10-31
1281164 use-after-poison in NS_NewStyleContext Core Layout nobody RESO DUPL 2024-05-30
1316884 [css-grid] AddressSanitizer: use-after-poison [@ StylePosition] with READ of size 8 Core Layout nobody RESO WORK 2022-10-31
1329214 AddressSanitizer: use-after-poison [@ StyleContext] with READ of size 8 Core Layout nobody RESO WORK 2017-10-16
1332071 AddressSanitizer: use-after-poison in nsRuleNode::Transition with READ of size 8 Core DOM: Animation nobody RESO DUPL 2017-01-27
1420799 nsIFrame Object use after free in xul!nsFrameList::RemoveFrame+0x2c Core Layout nobody RESO DUPL 2020-08-08
1425423 DOM - Memory corruption in nsTArray_Impl<mozilla::FrameProperties::PropertyValue,nsTArrayInfallibleAllocator>::IndexOf Core Web Painting nobody RESO DUPL 2020-08-08
1425779 AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/obj-firefox/dist/include/nsTArray.h:495:32 in Hdr near [@ nsIFrame::RemoveDisplayItem] Core Layout nobody RESO DUPL 2018-01-18
1427742 AddressSanitizer: use-after-poison [@ HasOverrideDirtyRegion] with READ of size 2 Core Web Painting nobody RESO DUPL 2020-12-18
1440624 Intermittent SUMMARY: AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsIFrame.h:4139:35 in IsFrameModified Core Web Painting nobody RESO FIXE 2020-02-28
1497991 AddressSanitizer: use-after-poison [@ RefreshDriver] with READ of size 8 Core Layout nobody RESO DUPL 2019-08-07
1749578 use-after-poison in [@ nsTableCellFrame::GetRowSpan] Core Layout: Tables nobody RESO WORK 2024-04-09
1754543 use-after-poison in [@ mozilla::layout::FindScrollAnchoringBoundingRect] Core Layout: Scrolling an nobody RESO DUPL 2022-05-23
1791811 use-after-poison /layout/generic/nsIFrame.cpp:617 in nsIFrame::IsRenderedLegend Core Layout nobody RESO FIXE 2024-05-30
1831034 SUMMARY: AddressSanitizer: use-after-poison in RefPtr<mozilla::ComputedStyle>::operator!() const Core Layout nobody RESO DUPL 2024-05-30
1850858 use-after-poison in [@ nsCanvasFrame::AppendAnonymousContentTo] Core Layout nobody RESO DUPL 2023-09-10
1904419 use-after-poison in [@ nsFloatManager::GetRegionFor] Core Layout nobody RESO DUPL 2024-06-25
1904428 use-after-poison in [@ nsContainerFrame::PositionChildViews] Core Layout nobody RESO DUPL 2024-06-25
874486 ASAN: Crashtest layout/xul/tree/crashtests/409807-1.xul triggers error Core XUL spohl.mozilla.bugs RESO FIXE 2014-05-05
1666592 use-after-poison in nsFlexContainerFrame::Reflow Core Layout: Flexbox aethanyc VERI FIXE 2024-05-30
1489287 AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsFrameState.h:43:11 in operator|= Core Layout emilio VERI FIXE 2020-02-28
1630385 use-after-poison [@ mozilla::layout::FindScrollAnchoringBoundingRect] Core Layout emilio VERI FIXE 2020-04-23
1468738 use-after-poison in [@ nsIFrame::RemoveDisplayItemDataForDeletion] Core Web Painting jnicol VERI FIXE 2020-02-16
1489153 AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsIFrame.h:2795:38 in Type Core Layout MatsPalmgren_bugz VERI FIXE 2020-02-28
1486521 use-after-poison in [@ mozilla::PresShell::ScrollFrameRectIntoView] Core Layout aethanyc VERI FIXE 2020-04-06
1015844 use-after-poison (read) at nsIFrame::GetPrevInFlow() Core Layout MatsPalmgren_bugz VERI FIXE 2024-05-30
1694459 use-after-poison in [@ nsCSSFrameConstructor::ContentRemoved] Core Layout MatsPalmgren_bugz VERI FIXE 2021-07-08
1845223 use-after-poison in [@ GetParentContentForScope], with 'counter-reset' and style containment Core Layout: Generated Co mrobinson VERI FIXE 2023-09-19
1628804 use-after-poison in [@ RemoveFirstLine] Core Layout aethanyc VERI FIXE 2020-08-08
1903652 use-after-poison in [@ nsBlockFrame::MarkIntrinsicISizesDirty] Core Layout: Block and In aethanyc VERI FIXE 2024-07-09
1904409 use-after-poison in [@ nsFrameList::InsertFrames] Core Layout aethanyc VERI FIXE 2024-07-09
1906768 use-after-poison in [@ nsBlockFrame::ReflowPushedFloats] Core Layout: Block and In aethanyc VERI FIXE Fri 10:23
1829256 use-after-poison in [@ Contains] Core Layout: Block and In boris.chiou VERI FIXE 2023-12-06
1070759 Use-after-poison in nsStyleText::WhiteSpaceOrNewlineIsSignificant Core CSS Parsing and Comp cam VERI FIXE 2015-05-18
1549812 crash in [@ mozilla::PresShell::ScrollFrameRectIntoView] Core Layout emilio VERI FIXE 2020-06-05
1818036 use-after-poison in [@ nsLineIterator::GetLineAt] Core Layout: Block and In emilio VERI FIXE 2023-12-16
1848851 use-after-poison in [@ nsContainerFrame::DeleteNextInFlowChild] Core Layout: Block and In longsonr VERI FIXE 2023-10-24
1009036 Use-after-poison of nsStyleContext with bidi, convertPointFromNode Core Layout MatsPalmgren_bugz VERI FIXE 2016-06-21
1137723 crash in nsIFrame::SetParent(nsContainerFrame*) Core Layout MatsPalmgren_bugz VERI FIXE 2015-06-19
1431232 [stylo] heap-buffer-overflow in [@ nsInlineFrame::UpdateStyleOfOwnedAnonBoxesForIBSplit] with multicol, perspective, <dialog>, <label>, <li> Core Layout MatsPalmgren_bugz VERI FIXE 2018-08-28
1484559 use-after-poison in [@ RefreshDriver] Core Layout MatsPalmgren_bugz VERI FIXE 2020-02-16
840480 use-after-poison in nsIFrame::Properties() Core Layout matt.woodrow VERI FIXE 2024-05-30
1670352 use-after-poison in [@ RemoveFirstLine] Core Layout: Block and In nobody VERI WORK 2022-01-05
957562 Browser crashes on trying to modify the Graph values - WebGL Animations Core DOM: Core & HTML roc VERI FIXE 2014-01-28
1243623 Use-after-free (poisoned) in nsTableFrame::FixupPositionedTableParts Core Layout roc VERI FIXE 2017-05-09
1764212 use-after-poison in [@ mozilla::PresShell::HandlePostedReflowCallbacks] Core Layout smaug VERI FIXE 2022-04-12
122 bugs found.
REST | CSV | Feed | iCalendar
Change Columns 		Edit Search