272336
|
|
array_sort uses GC-unsafe temporary memory to hold jsvals
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2005-10-13
|
300008
|
|
chrome XBL method.eval allows arbitrary code execution
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2007-09-18
|
292589
|
|
[FIX]XBL load missing content policy check (Thunderbird not blocking remote content)
|
Core
|
XBL
|
bzbarsky
|
RESO
|
FIXE
|
2007-04-01
|
295457
|
|
NISCC vulnerability #891011 (Parsing of Various Image Formats by Web Browsers)
|
Core
|
Graphics: ImageLib
|
cbiesinger
|
RESO
|
FIXE
|
2005-12-02
|
217967
|
|
FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
|
Core
|
Security: CAPS
|
g.maone
|
RESO
|
FIXE
|
2010-10-05
|
290420
|
|
Firefox context menu code shouldn't rely on localname tests
|
Firefox
|
General
|
asaf
|
RESO
|
FIXE
|
2011-08-05
|
299449
|
|
File res/hiddenWindow.html missing in installer build
|
Firefox
|
Installer
|
benjamin
|
RESO
|
FIXE
|
2005-07-15
|
296397
|
|
obj.func.__proto__.__parent__ problem in chrome XBL
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2007-09-27
|
298730
|
|
ASSERTION: unexpected target property value: '!JSVAL_IS_PRIMITIVE(*vp)
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2005-07-28
|
289192
|
|
Synthetic ctrl-# events switch tabs
|
Firefox
|
Tabbed Browser
|
bugs
|
RESO
|
FIXE
|
2007-04-01
|
292591
|
|
content XBL scripts run even when Javascript turned off (Thunderbird exposed to any JS exploit)
|
Core
|
XBL
|
bzbarsky
|
RESO
|
FIXE
|
2011-08-05
|
297038
|
|
Insufficient validation in browser.js can lead to arbitrary code execution
|
Firefox
|
Security
|
doronr
|
RESO
|
FIXE
|
2007-04-01
|
293331
|
|
InstallTrigger may run callback on a different page than the page that triggered the install.
|
Core Graveyard
|
Installer: XPInstall
|
doug.turner
|
RESO
|
FIXE
|
2015-12-11
|
283777
|
|
Right arrow key after selecting autocomplete result no longer uses selected item
|
Firefox
|
Address Bar
|
dveditz
|
RESO
|
FIXE
|
2005-06-17
|
289236
|
|
Activate find as you type synthetically
|
Toolkit
|
Find Toolbar
|
dveditz
|
RESO
|
FIXE
|
2008-07-31
|
292774
|
|
"View Image" context menu allows chrome access
|
Firefox
|
Menus
|
dveditz
|
RESO
|
FIXE
|
2007-04-01
|
292937
|
|
Background Images can be in chrome protocol
|
Firefox
|
General
|
dveditz
|
RESO
|
FIXE
|
2007-04-01
|
294323
|
|
function onFullScreen() should check for untrusted events
|
Firefox
|
Security
|
dveditz
|
RESO
|
FIXE
|
2007-04-01
|
297603
|
|
Some XBL bindings no longer compile the implementation when they should
|
Core
|
XBL
|
dveditz
|
RESO
|
FIXE
|
2006-03-12
|
298054
|
|
eval(string) crashes in XPInstall [@ nsInstall::~nsInstall()]
|
Core Graveyard
|
Installer: XPInstall
|
dveditz
|
RESO
|
FIXE
|
2015-12-11
|
298255
|
|
Stand-alone applications can run arbitrary code through Firefox
|
Core
|
Security
|
dveditz
|
RESO
|
FIXE
|
2007-04-01
|
298934
|
|
Replace "[Javascript Application]" in content-originating sheets with something more useful (SA15489)
|
Core
|
Security
|
dveditz
|
RESO
|
FIXE
|
2007-07-02
|
283730
|
|
"Save As" dialog tries to overwrite link/shortcut (.lnk) file instead of opening the directory/folder
|
Core Graveyard
|
File Handling
|
emaijala+moz
|
RESO
|
FIXE
|
2016-06-22
|
296764
|
|
arrow keys do not move cursor in input fields with javascript disabled
|
Core
|
DOM: UI Events & Foc
|
jonas
|
RESO
|
FIXE
|
2019-03-13
|
265536
|
|
PFS returns x86 plugin for AMD64 browser
|
Core
|
Networking: HTTP
|
jstenback+bmo
|
RESO
|
FIXE
|
2019-06-16
|
294795
|
|
QueryInterface.__proto__.__parent__ refers to the object generated by "nsExtensionManager.js"
|
Core
|
XPConnect
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
294799
|
|
Any_XPCOM_Object.anyFunction.__proto__.__parent__ refers to the invisible blank ChromeWindow
|
Core
|
Security
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
295011
|
|
QueryInterface() allows arbitrary code execution
|
Core
|
XPConnect
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
295093
|
|
Showing a blocked popup allows window.open feature titlebar=no
|
Core Graveyard
|
Embedding: APIs
|
jstenback+bmo
|
RESO
|
FIXE
|
2019-03-26
|
296467
|
|
crash hitting ctrl+h
|
Core
|
XPConnect
|
jstenback+bmo
|
RESO
|
FIXE
|
2006-03-12
|
296704
|
|
trusted event reinitialization allows data-theft
|
Core
|
DOM: Events
|
jstenback+bmo
|
RESO
|
FIXE
|
2008-01-16
|
296830
|
|
same origin violation: child frames calling rewritten top.focus() [sa15549]
|
Core
|
DOM: Core & HTML
|
jstenback+bmo
|
RESO
|
FIXE
|
2008-11-10
|
296850
|
|
Frame injection spoofing with targets (bug 246448 returns - SA15601)
|
Core
|
DOM: Navigation
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
297543
|
|
Adblock is exploitable
|
Core
|
Security
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
298892
|
|
Node spoofing (using e.g. XHTML) to bypass security checks
|
Core
|
Security
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
292737
|
|
"Set As Wallpaper" context menu dialog allows to execute arbitrary code
|
Firefox
|
Menus
|
mconnor
|
RESO
|
FIXE
|
2007-04-01
|
293424
|
|
Malicious website can access chrome
|
Core
|
Security: CAPS
|
mconnor
|
RESO
|
FIXE
|
2007-04-01
|
280813
|
|
MOZJS.DLL crashes with SYS3183
|
SeaMonkey
|
General
|
mozilla
|
RESO
|
FIXE
|
2005-08-10
|
289864
|
|
Page crashes system (blue screen) with oversized image
|
Core Graveyard
|
Image: Painting
|
nobody
|
RESO
|
WORK
|
2011-08-05
|
284716
|
|
Create DDBs in nsImageWin::Optimize
|
Core Graveyard
|
GFX: Win32
|
paper
|
RESO
|
FIXE
|
2009-01-22
|
297807
|
|
Java 1.4.2 SR2 plug-in and later cause Mozilla to crash
|
Core Graveyard
|
Plug-ins
|
pkwarren
|
RESO
|
FIXE
|
2022-05-16
|
292464
|
|
event listeners added using addEventListener() listen only trusted events
|
Core
|
DOM: Events
|
smaug
|
RESO
|
FIXE
|
2006-03-12
|
295854
|
|
(new InstallVersion()).compareTo(/x/) crashes [@ConvertJSValToObj]
|
Core Graveyard
|
Installer: XPInstall
|
timeless
|
RESO
|
FIXE
|
2015-12-11
|
295052
|
|
Crash when apply method is called on String.prototype.match
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2006-03-12
|
293778
|
|
[FIXr]bookmarks toolbar missing in 2nd opened window, links in second window possibly cause crash
|
Core
|
XBL
|
bzbarsky
|
VERI
|
FIXE
|
2005-06-17
|
295210
|
|
[FIXr]Tab title different from window title on initial load at gmail
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
VERI
|
FIXE
|
2019-03-13
|
291064
|
|
Helper app dialog incomplete for non-nsStandardURL types
|
Toolkit
|
Downloads API
|
gavin.sharp
|
VERI
|
FIXE
|
2008-07-31
|
298478
|
|
Downloads fail with "..could not be saved, because the source file could not be read" (error in JS Console: "Error: uncaught exception:Permission denied to get property RegExp.constructor")
|
Core
|
XUL
|
jstenback+bmo
|
VERI
|
FIXE
|
2006-01-15
|
299209
|
|
anonymous function expression statement => JS stack overflow [crash in js3250.dll + (0002c7d4)]
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2009-02-09
|
141818
|
|
Table with large rowspans and colspans hangs the browser
|
Core
|
Layout: Tables
|
bernd_mozilla
|
VERI
|
FIXE
|
2014-04-26
|
297931
|
|
Firefox version on the Aviary 1.0.1 branch needs to be set to 1.0.5
|
Firefox
|
General
|
chase
|
VERI
|
FIXE
|
2005-07-14
|
297932
|
|
Thunderbird version on the Aviary 1.0.1 branch needs to be set to 1.0.5
|
Thunderbird
|
General
|
chase
|
VERI
|
FIXE
|
2005-07-14
|
299252
|
|
Problems with redraw of screen with Gecko/20050630
|
Core Graveyard
|
GFX: Win32
|
dveditz
|
VERI
|
FIXE
|
2009-01-22
|
299901
|
|
Middle click fail on links with nested tags
|
Core
|
DOM: UI Events & Foc
|
gavin.sharp
|
VERI
|
FIXE
|
2019-03-13
|
299473
|
|
Not possible to enter data in account setting fields
|
Thunderbird
|
Mail Window Front En
|
jonas
|
VERI
|
FIXE
|
2005-07-06
|
288006
|
|
Drag image across browser windows --> crash [@ msvcrt.dll + 0x378c0 (0x77c378c0) 517abc0f]
|
Core
|
DOM: Copy & Paste an
|
jstenback+bmo
|
VERI
|
FIXE
|
2006-03-12
|
289940
|
|
Chrome code needs to be protected from untrusted events.
|
Core
|
DOM: Events
|
jstenback+bmo
|
VERI
|
FIXE
|
2006-08-28
|
291232
|
|
update installer packages should offer unchecked check box for setting start page
|
Toolkit
|
Application Update
|
mconnor
|
VERI
|
FIXE
|
2008-07-31
|
273778
|
|
If target folder for filter is deleted/moved received mail is not visible in INBOX
|
MailNews Core
|
Filters
|
mozilla
|
VERI
|
FIXE
|
2008-07-31
|
299478
|
|
Version information is missing in 'About Thunderbird' box
|
Thunderbird
|
Mail Window Front En
|
mscott
|
VERI
|
FIXE
|
2005-07-14
|
299816
|
|
Crashes when executing javascript with for cycle to 20000 calling function(){}; in another function
|
Core
|
JavaScript Engine
|
nobody
|
VERI
|
FIXE
|
2006-08-19
|
296270
|
|
Default user agent on AIX contains machine information
|
Core
|
Networking: HTTP
|
pkwarren
|
VERI
|
FIXE
|
2005-06-03
|
292326
|
|
Arrowscrollbox doesn't scroll on hover
|
Core
|
XUL
|
roc
|
VERI
|
FIXE
|
2008-12-26
|
245631
|
|
Crash loading .ico file [@ nsICODecoder::ProcessData ]
|
Core
|
Graphics: ImageLib
|
son.le0
|
VERI
|
FIXE
|
2006-03-12
|
294074
|
|
arbitrary code execution via sidebar (part 3)
|
Firefox
|
Security
|
u115577
|
VERI
|
FIXE
|
2011-08-05
|