1479897
|
|
use-after-poison in [@ AutoWeakFrame::Init]
|
Core
|
Layout
|
nobody
|
NEW
|
---
|
2022-10-11
|
1535187
|
|
Investigate whether 1486521.html is still crashing Android verify build
|
Core
|
Layout
|
nobody
|
NEW
|
---
|
2022-10-11
|
526587
|
|
[meta] Crashes at the Poison Frame address
|
Core
|
Layout
|
nobody
|
NEW
|
---
|
2022-10-10
|
1703999
|
|
use-after-poison in [@ nsFloatManager::GetFlowArea]
|
Core
|
Layout: Floats
|
nobody
|
NEW
|
---
|
2023-06-08
|
1708079
|
|
use-after-poison in [@ nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval]
|
Core
|
Layout
|
nobody
|
NEW
|
---
|
2021-08-17
|
1747992
|
|
use-after-poison in nsIFrame::StyleDisplay
|
Core
|
Layout: Columns
|
nobody
|
NEW
|
---
|
2022-02-03
|
1772592
|
|
AddressSanitizer: use-after-poison [@ nsBlockInFlowLineIterator::nsBlockInFlowLineIterator] with READ of size 8
|
Core
|
Disability Access AP
|
nobody
|
NEW
|
---
|
2022-09-13
|
1805326
|
|
use-after-poison in [@ nsOverflowContinuationTracker::EndFinish]
|
Core
|
Layout
|
nobody
|
NEW
|
---
|
2023-08-30
|
1640028
|
|
use-after-poison in [@ nsFlexContainerFrame::ReflowChildren]
|
Core
|
Layout: Flexbox
|
aethanyc
|
RESO
|
FIXE
|
2020-06-08
|
1879862
|
|
Crash in [@ nsPresContext::GetPresShell], 124.0a1 regression involving mouse movement
|
Core
|
DOM: Events
|
masayuki
|
RESO
|
FIXE
|
2024-02-16
|
1380749
|
|
Use-after-poison in GetPrevSibling [@/home/worker/workspace/build/src/layout/generic/nsIFrame.h:1624:45]
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2018-11-05
|
1418997
|
|
AddressSanitizer: use-after-poison [@ IsFrameModified] with READ of size 2
|
Core
|
Web Painting
|
matt.woodrow
|
RESO
|
FIXE
|
2020-02-28
|
1751965
|
|
use-after-poison in [@ mozilla::RDL::ClearPreviousItems]
|
Core
|
Web Painting
|
mikokm
|
RESO
|
FIXE
|
2022-01-29
|
1645718
|
|
use-after-poison in [@ nsContainerFrame::NormalizeChildLists]
|
Core
|
Layout
|
aethanyc
|
RESO
|
DUPL
|
2023-05-22
|
1361596
|
|
Coverity report: nsSVGPatternFrame::nsSVGPatternFrame(nsStyleContext *): A pointer field is not initialized in the constructor
|
Core
|
SVG
|
emilio
|
RESO
|
FIXE
|
2018-02-01
|
1404324
|
|
stylo: AddressSanitizer: use-after-poison [@ HasView] with READ of size 8
|
Core
|
CSS Parsing and Comp
|
emilio
|
RESO
|
FIXE
|
2020-02-28
|
1419762
|
|
AddressSanitizer: use-after-poison [@ Hdr] with READ of size 8
|
Core
|
Layout: Block and In
|
emilio
|
RESO
|
FIXE
|
2020-02-28
|
1489323
|
|
AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:296:27 in get
|
Core
|
Layout: Block and In
|
emilio
|
RESO
|
DUPL
|
2023-01-16
|
1382213
|
|
Use-after-poison in [@nsLayoutUtils::GetFloatContainingBlock(nsIFrame*)]
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2018-11-05
|
1663222
|
|
use-after-poison in [@ nsBlockFrame::ReflowBlockFrame]
|
Core
|
Layout: Columns
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2021-11-22
|
1439938
|
|
AddressSanitizer: use-after-poison [@ get] with READ of size 8
|
Core
|
Web Painting
|
nobody
|
RESO
|
WORK
|
2020-01-09
|
1506157
|
|
AddressSanitizer: use-after-poison [@ Type] with READ of size 1
|
Core
|
Layout
|
nobody
|
RESO
|
WORK
|
2020-01-09
|
1506717
|
|
AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsQueryFrame.h:114:45 in operator nsIScrollableFrame *<nsIScrollableFrame>
|
Core
|
Layout: Columns
|
nobody
|
RESO
|
WORK
|
2020-01-09
|
1506720
|
|
AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/base/nsCSSFrameConstructor.cpp:7912:33 in nsCSSFrameConstructor::ContentRemoved(nsIContent*, nsIContent*, nsCSSFrameConstructor::RemoveFlags)
|
Core
|
Layout: Columns
|
nobody
|
RESO
|
WORK
|
2020-01-09
|
1507269
|
|
AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:307:27 in get
|
Core
|
Layout: Columns
|
nobody
|
RESO
|
WORK
|
2020-01-09
|
1516737
|
|
use-after-poison in [@ nsLayoutUtils::IsProperAncestorFrame]
|
Core
|
Layout: Columns
|
nobody
|
RESO
|
DUPL
|
2019-01-17
|
1809492
|
|
Crash in [@ nsCOMPtr<T>::nsCOMPtr | nsTreeBodyFrame::GetExistingView]
|
Core
|
Layout
|
tnikkel
|
RESO
|
FIXE
|
2023-10-02
|
1401420
|
|
AddressSanitizer: use-after-poison [@ GetNextSibling] with READ of size 8 in layout/generic/nsIFrame.h:1431:45
|
Core
|
Layout
|
xidorn+moz
|
RESO
|
FIXE
|
2020-02-28
|
1566672
|
|
use-after-poison in [@ nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval]
|
Core
|
Layout: Columns
|
aethanyc
|
RESO
|
FIXE
|
2019-07-24
|
1404753
|
|
stylo: AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsIFrame.h:1997:46 in GetStateBits
|
Core
|
CSS Parsing and Comp
|
emilio
|
RESO
|
DUPL
|
2020-08-08
|
1538758
|
|
Potential Use After Free in layout code need help verifying
|
Core
|
Layout
|
emilio
|
RESO
|
FIXE
|
2024-05-30
|
1209952
|
|
Use-after-poison in nsFloatManager::GetFlowArea (with floats, multicol, and huge width)
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2022-06-28
|
1491718
|
|
use-after-poison in [@ SetListItemOrdinal]
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2019-07-16
|
1539017
|
|
use-after-poison in [@ nsIFrame::GetDepthInFrameTree]
|
Core
|
Layout: Columns
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2019-04-01
|
1600207
|
|
use-after-poison in [@ mozilla::ReflowInput::ReflowInput]
|
Core
|
Layout: Form Control
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2022-01-10
|
1366654
|
|
AddressSanitizer: use-after-poison in [@CalcDifference] with READ of size 1
|
Core
|
Layout
|
nobody
|
RESO
|
FIXE
|
2020-02-28
|
1404751
|
|
AddressSanitizer: use-after-poison in [@get]
|
Core
|
Layout: Block and In
|
nobody
|
RESO
|
WORK
|
2020-01-09
|
1499413
|
|
AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsIFrame.h:1641:45 in GetNextSibling
|
Core
|
Layout
|
nobody
|
RESO
|
WORK
|
2023-06-25
|
1516606
|
|
AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsIFrame.h:1961:46 in GetStateBits
|
Core
|
Layout: Columns
|
nobody
|
RESO
|
DUPL
|
2019-02-13
|
1571239
|
|
use-after-poison in [@ mozilla::SVGObserverUtils::InvalidateRenderingObservers]
|
Core
|
Layout: Columns
|
nobody
|
RESO
|
DUPL
|
2019-08-26
|
1571598
|
|
use-after-poison in [@ nsLineLayout::VerticalAlignFrames]
|
Core
|
Layout: Columns
|
nobody
|
RESO
|
DUPL
|
2019-08-26
|
1539303
|
|
AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsQueryFrame.h:119:45 in operator nsIScrollableFrame *<nsIScrollableFrame>
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2023-10-23
|
1556289
|
|
use-after-poison in [@ RemoveFirstLine]
|
Core
|
Layout: Columns
|
nobody
|
RESO
|
WORK
|
2019-08-27
|
1277908
|
|
Use-after-poison in NS_NewStyleContext (with animation)
|
Core
|
CSS Parsing and Comp
|
brian
|
RESO
|
FIXE
|
2016-11-21
|
1421420
|
|
GetGridFrameWithComputedInfo probably needs to be more careful about data being destroyed across its shell->FlushPendingNotifications call
|
Core
|
Layout
|
bwerth
|
RESO
|
FIXE
|
2018-11-05
|
1072130
|
|
Use-after-poison [@ mozilla::FontFamilyList::FontFamilyList] with unicode-bidi: bidi-override
|
Core
|
CSS Parsing and Comp
|
cam
|
RESO
|
FIXE
|
2016-06-04
|
1182496
|
|
AddressSanitizer: use-after-poison GetParent, layout/generic/nsFrame.cpp:5573
|
Core
|
SVG
|
cam
|
RESO
|
FIXE
|
2024-05-30
|
1340593
|
|
use-after-poison in nsStylePadding::GetPadding
|
Core
|
CSS Parsing and Comp
|
dbaron
|
RESO
|
FIXE
|
2017-02-28
|
1361749
|
|
Initialize a bunch of variables that are left uninitialized on construction after bug 1316556
|
Core
|
Layout
|
emilio
|
RESO
|
FIXE
|
2018-07-06
|
1677194
|
|
ASAN error, use-after-poison, nsTreeBodyFrame::RowCountChanged(int, int)
|
Core
|
Layout
|
ishikawa
|
RESO
|
FIXE
|
2021-11-22
|
856262
|
|
Crash [@ mozilla::FrameLayerBuilder::GetDedicatedLayer] with <applet>, mutation event
|
Core Graveyard
|
Plug-ins
|
john
|
RESO
|
WORK
|
2022-05-16
|
1361509
|
|
coverity report: Non-static class member "mSource" is not initialized in this constructor nor in any functions that it calls.
|
Core
|
SVG
|
longsonr
|
RESO
|
FIXE
|
2018-02-01
|
1716644
|
|
use-after-poison in [@ InvalidateRenderingObservers]
|
Core
|
Layout
|
longsonr
|
RESO
|
FIXE
|
2023-09-02
|
1742734
|
|
use-after-poison [@ nsCaret::GetGeometryForFrame]
|
Core
|
DOM: Selection
|
masayuki
|
RESO
|
WORK
|
2023-06-26
|
824643
|
|
heap-use-after-free in nsTreeBodyFrame::UpdateScrollbars
|
Core
|
XUL
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2017-05-09
|
842166
|
|
crash [@ mozilla::ScrollbarActivity::CancelActivityFinishedTimer() ] in destroyed frame
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2024-05-30
|
849603
|
|
Crash [@ nsOverflowContinuationTracker::Insert] with CSS columns
|
Core
|
Layout: Block and In
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2013-03-16
|
862185
|
|
Use-after-poison with -moz-column, fieldset
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-10-24
|
863935
|
|
Use-after-poison in nsFrameList::UnhookFrameFromSiblings with moz-column
|
Core
|
Layout: Block and In
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-10-24
|
881090
|
|
use-after-poison in nsFrameList::FirstChild()
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
DUPL
|
2024-05-30
|
947158
|
|
Use-after-poison in nsLineLayout::RelativePositionFrames
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2024-05-30
|
1095788
|
|
Crash [@ nsIFrame::IsBoxFrame] in print / print preview of dailydot.com articles
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
WORK
|
2015-03-08
|
1278080
|
|
AddressSanitizer: use-after-poison [@ TopLeft] with READ of size 4
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2020-02-28
|
1281102
|
|
use-after-poison in nsCellMapColumnIterator::GetNextFrame
|
Core
|
Layout: Tables
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2024-05-30
|
1403117
|
|
use-after-poison in nsLayoutUtils::GetFloatContainingBlock
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
DUPL
|
2020-08-08
|
1427748
|
|
AddressSanitizer: use-after-poison [@ SetFrameIsModified] with READ of size 2
|
Core
|
Web Painting
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2020-02-28
|
1429227
|
|
AddressSanitizer: use-after-poison SetFrameIsModified nsIFrame.h:4129:69
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2020-02-28
|
1600637
|
|
Assertion failure: mFrames.FirstChild() && mFrames.FirstChild()->GetContentInsertionFrame()->IsLegendFrame() | Crash [@ mozilla::ReflowInput::ReflowInput ]
|
Core
|
Layout: Form Control
|
MatsPalmgren_bugz
|
RESO
|
DUPL
|
2020-01-13
|
850672
|
|
use-after-poison with tables, -moz-perspective and transform [@ OverflowChangedTracker::Flush]
|
Core
|
Layout
|
matt.woodrow
|
RESO
|
FIXE
|
2024-05-30
|
1459670
|
|
use-after-poison in [@ AnyContentAncestorModified]
|
Core
|
Web Painting
|
matt.woodrow
|
RESO
|
FIXE
|
2018-06-05
|
1344288
|
|
use-after-poison in [@ nsCellMapColumnIterator::GetNextFrame]
|
Core
|
Layout: Tables
|
neerjapancholi
|
RESO
|
DUPL
|
2020-08-08
|
1344429
|
|
use-after-poison in [@ GetRowSpanForNewCell]
|
Core
|
Layout: Tables
|
neerjapancholi
|
RESO
|
DUPL
|
2020-08-08
|
1344808
|
|
use-after-poison in [@ nsTableFrame::GetEffectiveColSpan]
|
Core
|
Layout: Tables
|
neerjapancholi
|
RESO
|
DUPL
|
2020-08-08
|
833604
|
|
UAF with transform and fixed position
|
Core
|
Layout: Block and In
|
nils
|
RESO
|
DUPL
|
2024-05-30
|
785710
|
|
rendering SVG cause EXCEPTION_ACCESS_VIOLATION_READ with addon NoScript
|
Core
|
SVG
|
nobody
|
RESO
|
FIXE
|
2024-05-30
|
1155060
|
|
use-after-poison at StyleDisplay
|
Core
|
Layout: Floats
|
nobody
|
RESO
|
DUPL
|
2023-05-22
|
1232881
|
|
Crash [@ nsTableFrame::FixupPositionedTableParts] with vertical-rl, padding, transition-delay
|
Core
|
Layout: Tables
|
nobody
|
RESO
|
WORK
|
2022-10-31
|
1281164
|
|
use-after-poison in NS_NewStyleContext
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2024-05-30
|
1316884
|
|
[css-grid] AddressSanitizer: use-after-poison [@ StylePosition] with READ of size 8
|
Core
|
Layout
|
nobody
|
RESO
|
WORK
|
2022-10-31
|
1329214
|
|
AddressSanitizer: use-after-poison [@ StyleContext] with READ of size 8
|
Core
|
Layout
|
nobody
|
RESO
|
WORK
|
2017-10-16
|
1332071
|
|
AddressSanitizer: use-after-poison in nsRuleNode::Transition with READ of size 8
|
Core
|
DOM: Animation
|
nobody
|
RESO
|
DUPL
|
2017-01-27
|
1420799
|
|
nsIFrame Object use after free in xul!nsFrameList::RemoveFrame+0x2c
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2020-08-08
|
1425423
|
|
DOM - Memory corruption in nsTArray_Impl<mozilla::FrameProperties::PropertyValue,nsTArrayInfallibleAllocator>::IndexOf
|
Core
|
Web Painting
|
nobody
|
RESO
|
DUPL
|
2020-08-08
|
1425779
|
|
AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/obj-firefox/dist/include/nsTArray.h:495:32 in Hdr near [@ nsIFrame::RemoveDisplayItem]
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2018-01-18
|
1427742
|
|
AddressSanitizer: use-after-poison [@ HasOverrideDirtyRegion] with READ of size 2
|
Core
|
Web Painting
|
nobody
|
RESO
|
DUPL
|
2020-12-18
|
1440624
|
|
Intermittent SUMMARY: AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsIFrame.h:4139:35 in IsFrameModified
|
Core
|
Web Painting
|
nobody
|
RESO
|
FIXE
|
2020-02-28
|
1497991
|
|
AddressSanitizer: use-after-poison [@ RefreshDriver] with READ of size 8
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2019-08-07
|
1749578
|
|
use-after-poison in [@ nsTableCellFrame::GetRowSpan]
|
Core
|
Layout: Tables
|
nobody
|
RESO
|
WORK
|
2024-04-09
|
1754543
|
|
use-after-poison in [@ mozilla::layout::FindScrollAnchoringBoundingRect]
|
Core
|
Layout: Scrolling an
|
nobody
|
RESO
|
DUPL
|
2022-05-23
|
1791811
|
|
use-after-poison /layout/generic/nsIFrame.cpp:617 in nsIFrame::IsRenderedLegend
|
Core
|
Layout
|
nobody
|
RESO
|
FIXE
|
2024-05-30
|
1831034
|
|
SUMMARY: AddressSanitizer: use-after-poison in RefPtr<mozilla::ComputedStyle>::operator!() const
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2024-05-30
|
1850858
|
|
use-after-poison in [@ nsCanvasFrame::AppendAnonymousContentTo]
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2023-09-10
|
1904419
|
|
use-after-poison in [@ nsFloatManager::GetRegionFor]
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2024-06-25
|
1904428
|
|
use-after-poison in [@ nsContainerFrame::PositionChildViews]
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2024-06-25
|
874486
|
|
ASAN: Crashtest layout/xul/tree/crashtests/409807-1.xul triggers error
|
Core
|
XUL
|
spohl.mozilla.bugs
|
RESO
|
FIXE
|
2014-05-05
|
1666592
|
|
use-after-poison in nsFlexContainerFrame::Reflow
|
Core
|
Layout: Flexbox
|
aethanyc
|
VERI
|
FIXE
|
2024-05-30
|
1489287
|
|
AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsFrameState.h:43:11 in operator|=
|
Core
|
Layout
|
emilio
|
VERI
|
FIXE
|
2020-02-28
|
1630385
|
|
use-after-poison [@ mozilla::layout::FindScrollAnchoringBoundingRect]
|
Core
|
Layout
|
emilio
|
VERI
|
FIXE
|
2020-04-23
|
1468738
|
|
use-after-poison in [@ nsIFrame::RemoveDisplayItemDataForDeletion]
|
Core
|
Web Painting
|
jnicol
|
VERI
|
FIXE
|
2020-02-16
|
1489153
|
|
AddressSanitizer: use-after-poison /builds/worker/workspace/build/src/layout/generic/nsIFrame.h:2795:38 in Type
|
Core
|
Layout
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2020-02-28
|
1486521
|
|
use-after-poison in [@ mozilla::PresShell::ScrollFrameRectIntoView]
|
Core
|
Layout
|
aethanyc
|
VERI
|
FIXE
|
2020-04-06
|
1015844
|
|
use-after-poison (read) at nsIFrame::GetPrevInFlow()
|
Core
|
Layout
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2024-05-30
|
1694459
|
|
use-after-poison in [@ nsCSSFrameConstructor::ContentRemoved]
|
Core
|
Layout
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2021-07-08
|
1845223
|
|
use-after-poison in [@ GetParentContentForScope], with 'counter-reset' and style containment
|
Core
|
Layout: Generated Co
|
mrobinson
|
VERI
|
FIXE
|
2023-09-19
|
1628804
|
|
use-after-poison in [@ RemoveFirstLine]
|
Core
|
Layout
|
aethanyc
|
VERI
|
FIXE
|
2020-08-08
|
1903652
|
|
use-after-poison in [@ nsBlockFrame::MarkIntrinsicISizesDirty]
|
Core
|
Layout: Block and In
|
aethanyc
|
VERI
|
FIXE
|
2024-07-09
|
1904409
|
|
use-after-poison in [@ nsFrameList::InsertFrames]
|
Core
|
Layout
|
aethanyc
|
VERI
|
FIXE
|
2024-07-09
|
1906768
|
|
use-after-poison in [@ nsBlockFrame::ReflowPushedFloats]
|
Core
|
Layout: Block and In
|
aethanyc
|
VERI
|
FIXE
|
Fri 10:23
|
1829256
|
|
use-after-poison in [@ Contains]
|
Core
|
Layout: Block and In
|
boris.chiou
|
VERI
|
FIXE
|
2023-12-06
|
1070759
|
|
Use-after-poison in nsStyleText::WhiteSpaceOrNewlineIsSignificant
|
Core
|
CSS Parsing and Comp
|
cam
|
VERI
|
FIXE
|
2015-05-18
|
1549812
|
|
crash in [@ mozilla::PresShell::ScrollFrameRectIntoView]
|
Core
|
Layout
|
emilio
|
VERI
|
FIXE
|
2020-06-05
|
1818036
|
|
use-after-poison in [@ nsLineIterator::GetLineAt]
|
Core
|
Layout: Block and In
|
emilio
|
VERI
|
FIXE
|
2023-12-16
|
1848851
|
|
use-after-poison in [@ nsContainerFrame::DeleteNextInFlowChild]
|
Core
|
Layout: Block and In
|
longsonr
|
VERI
|
FIXE
|
2023-10-24
|
1009036
|
|
Use-after-poison of nsStyleContext with bidi, convertPointFromNode
|
Core
|
Layout
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2016-06-21
|
1137723
|
|
crash in nsIFrame::SetParent(nsContainerFrame*)
|
Core
|
Layout
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2015-06-19
|
1431232
|
|
[stylo] heap-buffer-overflow in [@ nsInlineFrame::UpdateStyleOfOwnedAnonBoxesForIBSplit] with multicol, perspective, <dialog>, <label>, <li>
|
Core
|
Layout
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2018-08-28
|
1484559
|
|
use-after-poison in [@ RefreshDriver]
|
Core
|
Layout
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2020-02-16
|
840480
|
|
use-after-poison in nsIFrame::Properties()
|
Core
|
Layout
|
matt.woodrow
|
VERI
|
FIXE
|
2024-05-30
|
1670352
|
|
use-after-poison in [@ RemoveFirstLine]
|
Core
|
Layout: Block and In
|
nobody
|
VERI
|
WORK
|
2022-01-05
|
957562
|
|
Browser crashes on trying to modify the Graph values - WebGL Animations
|
Core
|
DOM: Core & HTML
|
roc
|
VERI
|
FIXE
|
2014-01-28
|
1243623
|
|
Use-after-free (poisoned) in nsTableFrame::FixupPositionedTableParts
|
Core
|
Layout
|
roc
|
VERI
|
FIXE
|
2017-05-09
|
1764212
|
|
use-after-poison in [@ mozilla::PresShell::HandlePostedReflowCallbacks]
|
Core
|
Layout
|
smaug
|
VERI
|
FIXE
|
2022-04-12
|