| 267123
|
|
[SA12979-2] File ext != Content-Type left intact when downloading
|
Toolkit
|
Downloads API
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 268535
|
|
crashes where rt->gcFreeList turns into a small int after last-ditch GCs
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2011-08-05
|
| 282520
|
|
nsIDNService::Normalize should call normalizeFullStops
|
Core
|
Networking
|
dbaron
|
RESO
|
FIXE
|
2005-02-17
|
| 22183
|
|
UI spoofing can cause user to mistake content for chrome
|
Core
|
XUL
|
dveditz
|
RESO
|
FIXE
|
2023-08-19
|
| 280928
|
|
crash when right-clicking a popup window with onmousedown=window.close
|
Core
|
Widget: Gtk
|
blizzard
|
RESO
|
FIXE
|
2005-02-22
|
| 281367
|
|
Segfault when using cups with no default printer set [@ GlobalPrinters::InitializeGlobalPrinters]
|
Core Graveyard
|
GFX: Gtk
|
blizzard
|
RESO
|
FIXE
|
2009-01-22
|
| 280086
|
|
Caught exception: “RangeError: reserved slot index out of range” evaluating a regexp in venkman
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2005-10-23
|
| 241440
|
|
memory overflow in UTF8ToNewUnicode
|
Core
|
XPCOM
|
caillon
|
RESO
|
FIXE
|
2020-12-09
|
| 283628
|
|
Firefox .exe file reports incorrect version info
|
Firefox
|
General
|
chase
|
RESO
|
FIXE
|
2011-12-20
|
| 270243
|
|
embed prompter mangles non-ascii input
|
Core Graveyard
|
Embedding: GTK Widge
|
chpe
|
RESO
|
FIXE
|
2012-04-05
|
| 276482
|
|
opening windows using javascript: links fails
|
Core Graveyard
|
Embedding: GTK Widge
|
crispin
|
RESO
|
FIXE
|
2012-04-05
|
| 277549
|
|
Out of memory in MutatePrep is not well handled [@nsTSubstring_CharT]
|
Core
|
XPCOM
|
darin.moz
|
RESO
|
FIXE
|
2020-12-09
|
| 280082
|
|
Overflow on malicious imap: URL
|
Core
|
XPCOM
|
darin.moz
|
RESO
|
FIXE
|
2006-04-03
|
| 180309
|
|
Xft Crash while loading page with MS .fon font or read-protected font - FF10RC2 [@ GetNormalLineHeight]
|
Core
|
Layout: Text and Fon
|
dbaron
|
RESO
|
FIXE
|
2011-08-05
|
| 156422
|
|
Win32's nsILocalFile.reveal() (used by Reveal Location) doesn't select file
|
Core Graveyard
|
File Handling
|
dean_tessman
|
RESO
|
FIXE
|
2016-06-22
|
| 211894
|
|
"Show File Location" starts (launches) an executable of the same name (in nsILocalFile::Reveal)
|
Core
|
XPCOM
|
doug.turner
|
RESO
|
FIXE
|
2005-04-14
|
| 267828
|
|
nsLocalFileWin::IsExecutable needs to trim trailing dots
|
Core
|
XPCOM
|
doug.turner
|
RESO
|
FIXE
|
2011-08-05
|
| 275441
|
|
File download extension spoofing with Content-Type and .ext<space>.<space> (SA12979 variant)
|
Toolkit
|
Downloads API
|
doug.turner
|
RESO
|
FIXE
|
2008-07-31
|
| 258601
|
|
downloading a long file name will not display the full file name
|
Toolkit
|
Downloads API
|
dveditz
|
RESO
|
FIXE
|
2008-07-31
|
| 280522
|
|
Possible Buffer overflow due to missing terminating null [windows/nsToolkit.cpp:ConvertWtoA()]
|
Core
|
Widget: Win32
|
dveditz
|
RESO
|
FIXE
|
2005-02-25
|
| 283680
|
|
Firefox in-place update fails
|
Firefox
|
Installer
|
dveditz
|
RESO
|
FIXE
|
2011-08-05
|
| 237712
|
|
Gecko (? Firefox & Camino) doesn't interpret "macintosh" encoding as "x-mac-roman"
|
Core
|
Internationalization
|
jshin1987
|
RESO
|
FIXE
|
2005-03-01
|
| 282800
|
|
Potential NULL argument 3 to 'memset' in nsUnicodeToJamoTTF.cpp
|
Core
|
Internationalization
|
jshin1987
|
RESO
|
FIXE
|
2005-02-18
|
| 280603
|
|
"New Updates Avail" popup in bottom right-hand corner pops up endlessly (random occurrence)
|
Toolkit
|
Application Update
|
mconnor
|
RESO
|
FIXE
|
2011-08-05
|
| 265067
|
|
potential heap overflow found by mangler.cgi
|
Core
|
Layout
|
nobody
|
RESO
|
WORK
|
2006-03-12
|
| 261934
|
|
regression: network.standard-url.encode.utf8 and network.enableIDN prefs are ignored
|
Core
|
Networking
|
smontagu
|
RESO
|
FIXE
|
2011-08-18
|
| 271883
|
|
Multiple bookmark.html files being generated
|
Firefox
|
Bookmarks & History
|
vladimir+bm
|
RESO
|
FIXE
|
2006-08-27
|
| 162392
|
|
Crash eval-ing void arguments in debugger [@ JS_GetReservedSlot]
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2006-08-19
|
| 281984
|
|
FF10 crash viewing superbowl ads at ifilm.com [@ Detecting]
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2011-08-05
|
| 270414
|
|
[FIX]Cannot reference parent frameset from window created using window.open()
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
VERI
|
FIXE
|
2008-01-27
|
| 278916
|
|
[FIX]link launches blank popup window and new page with the desired content
|
Core
|
DOM: Navigation
|
bzbarsky
|
VERI
|
FIXE
|
2008-01-27
|
| 280438
|
|
tab gives away password when no title is defined
|
Firefox
|
Tabbed Browser
|
gavin.sharp
|
VERI
|
FIXE
|
2006-03-12
|
| 271209
|
|
xsl:include and xsl:import allow at least checking for existance of documents on arbitrary servers
|
Core
|
XSLT
|
peterv
|
VERI
|
FIXE
|
2006-03-12
|
| 233625
|
|
Uninstalling deleted non-Firefox folders (after installing to C:\Program Files\)
|
Firefox
|
Installer
|
dveditz
|
VERI
|
FIXE
|
2011-08-05
|
| 229706
|
|
Unattended install asks for installation folder.
|
Firefox
|
Installer
|
bugs
|
VERI
|
FIXE
|
2017-05-17
|
| 103638
|
|
targets with same name in different windows open in wrong window with javascript
|
Core
|
Layout: Images, Vide
|
jstenback+bmo
|
VERI
|
FIXE
|
2018-08-29
|
| 277069
|
|
venkman/jsd exposed a rooting problem (last ditch gc?) [@ str_resolve]
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2005-10-13
|
| 262887
|
|
Secunia background tab security issues (SA12712 - less critical) -
|
SeaMonkey
|
Tabbed Browser
|
bryner
|
VERI
|
FIXE
|
2014-04-26
|
| 280084
|
|
FF101 nsAutoComplete crash on entering URL [@ nsAutoCompleteController::HandleEnter]
|
Toolkit
|
Form Manager
|
bryner
|
VERI
|
FIXE
|
2020-08-16
|
| 260560
|
|
security and download dialogs can be spoofed by covering them partially using popup windows
|
Firefox
|
General
|
bugs
|
VERI
|
FIXE
|
2009-02-17
|
| 282872
|
|
Download dialog OK button needs to be clicked TWICE to initiate download
|
Firefox
|
General
|
bugs
|
VERI
|
FIXE
|
2006-03-12
|
| 282499
|
|
[Mac] crash using Find toolbar with 1.0.1 build
|
Toolkit
|
Find Toolbar
|
bugzilla
|
VERI
|
WORK
|
2011-08-05
|
| 273498
|
|
[SA13258 no rating] "Save Link As" Download Dialog Spoofing Vulnerability
|
Core Graveyard
|
File Handling
|
bzbarsky
|
VERI
|
FIXE
|
2016-06-22
|
| 279495
|
|
A link with an URL and additional javascript open shows a popup and an unwanted new window [link with TARGET and onClick=window.open]
|
Core
|
DOM: Navigation
|
bzbarsky
|
VERI
|
FIXE
|
2008-01-27
|
| 242845
|
|
Firefox disk image should use .dmg internal zlib-compression, not .dmg.gz
|
Firefox Build System
|
General
|
chase
|
VERI
|
FIXE
|
2018-03-02
|
| 259431
|
|
Firefox installer should be signed to suppress Internet Explorer Security Warning (XP SP2)
|
Firefox Build System
|
General
|
chase
|
VERI
|
FIXE
|
2018-11-26
|
| 283181
|
|
installer version text needs to be upgraded from 1.0 to 1.0.1
|
Firefox
|
Installer
|
chase
|
VERI
|
FIXE
|
2006-04-04
|
| 283224
|
|
mail installer version text needs to be bumped from 1.0 to 1.0.1
|
Thunderbird
|
Installer
|
chase
|
VERI
|
FIXE
|
2011-08-05
|
| 238566
|
|
Checking SSL certificate verifies wrong site when new page is slow to load
|
Core Graveyard
|
Security: UI
|
darin.moz
|
VERI
|
WORK
|
2016-09-27
|
| 258048
|
|
Security indicators updated when page finishes load, not when it starts rendering
|
Core
|
Security
|
darin.moz
|
VERI
|
FIXE
|
2006-03-12
|
| 268483
|
|
Lock icon appears even though http connection failed.
|
Core
|
Networking: HTTP
|
darin.moz
|
VERI
|
FIXE
|
2006-03-12
|
| 276720
|
|
wrong behavior with "http/1.1 204 no content"
|
Core
|
Security
|
darin.moz
|
VERI
|
FIXE
|
2007-04-01
|
| 277322
|
|
XMLHttpRequest from chrome fails to prompt when auth needed
|
Core
|
Networking: HTTP
|
darin.moz
|
VERI
|
FIXE
|
2005-02-25
|
| 277564
|
|
lock icon and certificates spoofable with "wyciwyg:"
|
Core
|
Security
|
darin.moz
|
VERI
|
FIXE
|
2011-08-05
|
| 282270
|
|
Display IDN urls as punycode by default (pref controlled)
|
Core
|
Networking
|
darin.moz
|
VERI
|
FIXE
|
2010-01-31
|
| 283201
|
|
Entering/leaving security warnings when staying on https
|
Core Graveyard
|
Security: UI
|
darin.moz
|
VERI
|
FIXE
|
2016-09-27
|
| 283226
|
|
gmail via https shows mixed content in 1.0.1 where it used to show full secure content in 1.0 (and still does on the trunk)
|
Firefox
|
General
|
darin.moz
|
VERI
|
DUPL
|
2005-02-22
|
| 282796
|
|
update rv and Firefox version numbers (as seen from About > Help)
|
Firefox
|
General
|
dbaron
|
VERI
|
FIXE
|
2011-08-05
|
| 271732
|
|
COMMAND.COM is overwritten by downloading the pif file
|
Core Graveyard
|
GFX: Win32
|
doug.turner
|
VERI
|
FIXE
|
2009-01-22
|
| 268059
|
|
InstallTrigger.install doesn't check for username:password URL spoofing
|
Core Graveyard
|
Installer: XPInstall
|
dveditz
|
VERI
|
FIXE
|
2015-12-11
|
| 270697
|
|
Autocomplete data leak
|
Firefox
|
Address Bar
|
dveditz
|
VERI
|
FIXE
|
2007-05-23
|
| 273406
|
|
signed xpi plugin installer gets "Signing could not be verified" error
|
Firefox
|
General
|
dveditz
|
VERI
|
FIXE
|
2005-03-04
|
| 273699
|
|
2 Frame Injection Vulnerabilities (popup blocking race condition & onunload event mis-firing) [Secunia Advisory SA13129 moderately critical]
|
Core
|
Security
|
dveditz
|
VERI
|
FIXE
|
2014-04-26
|
| 275417
|
|
Download dialog source spoofing (Secunia Advisory SA13599 less critical)
|
Toolkit
|
Downloads API
|
dveditz
|
VERI
|
FIXE
|
2014-04-26
|
| 280056
|
|
When dropping a javascript link to a tab, the script runs in the security context of the site currently displayed in the tab
|
Core
|
DOM: Copy & Paste an
|
dveditz
|
VERI
|
FIXE
|
2020-12-01
|
| 282894
|
|
crashes anytime it needs the master password dialog [@ nsPrompt::DispatchCustomEvent]
|
Firefox
|
General
|
dveditz
|
VERI
|
FIXE
|
2011-06-09
|
| 282955
|
|
Run-on title in urlbar-less windows on Mac
|
Core
|
DOM: Navigation
|
dveditz
|
VERI
|
FIXE
|
2005-10-14
|
| 236596
|
|
form element cannot get focus when loaded by XML/XSLT page
|
Core
|
XSLT
|
jonas
|
VERI
|
FIXE
|
2006-03-12
|
| 277574
|
|
Http auth prompt from other tabs displays over current tab
|
Firefox
|
Tabbed Browser
|
jstenback+bmo
|
VERI
|
FIXE
|
2007-08-13
|
| 278143
|
|
"Force links that open new windows to open in tab" does not work for links inside mail body in GMail
|
SeaMonkey
|
Tabbed Browser
|
jstenback+bmo
|
VERI
|
FIXE
|
2008-07-31
|
| 279945
|
|
Image drag and drop allows to create executable files
|
Core
|
Layout
|
jstenback+bmo
|
VERI
|
FIXE
|
2008-03-31
|
| 280664
|
|
Using Flash and the -moz-opacity filter you can get access to about:config and make the user silently change values [secunia http://secunia.com/advisories/14160/ moderately critcial ]
|
Core Graveyard
|
Plug-ins
|
jstenback+bmo
|
VERI
|
FIXE
|
2022-05-16
|
| 280947
|
|
Fix for bug 279945 breaks dragging of dynamic images
|
Core
|
DOM: Copy & Paste an
|
jstenback+bmo
|
VERI
|
FIXE
|
2005-02-22
|
| 281284
|
|
malicious local users can remove mozilla users files (insecure use of /tmp/plugtmp)
|
Core Graveyard
|
Plug-ins
|
jstenback+bmo
|
VERI
|
FIXE
|
2022-05-16
|
| 282453
|
|
XFT crash when displaying page with bad font if character not found
|
Core Graveyard
|
GFX: Gtk
|
lorenzo
|
VERI
|
FIXE
|
2009-01-22
|
| 278019
|
|
FF10 crash [@ nsPasswordManager::Notify]
|
Toolkit
|
Password Manager
|
mike.shaver
|
VERI
|
FIXE
|
2008-07-31
|
| 273356
|
|
Return receipts not working on POP3 - both sending & receiving using Global Inbox
|
Thunderbird
|
General
|
mozilla
|
VERI
|
FIXE
|
2005-06-14
|
| 273849
|
|
Sending file from MS Office (Excel/Powerpoint/Access) changes original filename [attaches file with random name and extension .tmp]
|
Thunderbird
|
Message Compose Wind
|
mozilla
|
VERI
|
FIXE
|
2005-03-14
|
| 277620
|
|
error copying the message to the sent folder before IMAP login
|
Thunderbird
|
General
|
mozilla
|
VERI
|
FIXE
|
2005-03-25
|
| 266225
|
|
Crash [@ nsFieldSetFrame::Reflow ]
|
Core
|
Layout: Form Control
|
nobody
|
VERI
|
FIXE
|
2014-04-26
|
| 262822
|
|
FIPS can't be enabled
|
SeaMonkey
|
Build Config
|
wtc
|
VERI
|
FIXE
|
2005-02-24
|
| 271280
|
|
Crash in online lc2 suite - [@ FindConstructor] OBJ_IS_NATIVE
|
Core Graveyard
|
Java: Live Connect
|
yuanyi21
|
VERI
|
FIXE
|
2010-10-16
|