| 250906
|
|
null (%00) in filename fakes extension (ftp, file)
|
Core
|
Networking: File
|
rjesup
|
NEW
|
---
|
2024-01-13
|
| 236618
|
|
Netscape SOAPParameter Constructor Integer Overflow Vulnerability
|
Core
|
Security
|
brendan
|
RESO
|
FIXE
|
2004-08-03
|
| 226278
|
|
Password cache for http auth should remember if the site was secure
|
Core
|
Networking: HTTP
|
darin.moz
|
RESO
|
FIXE
|
2011-08-05
|
| 240053
|
|
SSL Certificate Spoof -- Allows malicious page to present SSL certificate from another site
|
Core
|
Security
|
darin.moz
|
RESO
|
FIXE
|
2020-12-15
|
| 86028
|
|
can redefine focus() and other allAccess functions at another domain
|
Core
|
Security: CAPS
|
dveditz
|
RESO
|
FIXE
|
2013-06-09
|
| 249004
|
|
Importing false CA certificate leading to error -8182 (perm DoS), especially exploitable by email
|
Core Graveyard
|
Security: UI
|
kaie
|
RESO
|
FIXE
|
2016-09-27
|
| 178692
|
|
Accepting a self-signed cert adds it to Authorities tab.
|
Core Graveyard
|
Security: UI
|
jgmyers
|
RESO
|
FIXE
|
2016-09-27
|
| 244965
|
|
Untrusted web content can display content using "chrome" flag in window.open
|
Core
|
DOM: Core & HTML
|
benjamin
|
RESO
|
FIXE
|
2011-08-05
|
| 234700
|
|
deleting history entry doesn't remove it from history.dat
|
Firefox
|
Bookmarks & History
|
bugs
|
RESO
|
FIXE
|
2008-07-31
|
| 250235
|
|
1.4 branch should compile against gcc 3.4
|
SeaMonkey
|
General
|
caillon
|
RESO
|
FIXE
|
2004-11-22
|
| 253310
|
|
Backport of auth manager fixes for 1.4 branch
|
Core
|
Networking
|
caillon
|
RESO
|
FIXE
|
2004-08-03
|
| 239160
|
|
Under windows there are file extensions to be regarded as dangerous windows executables.
|
Core
|
XPCOM
|
doug.turner
|
RESO
|
FIXE
|
2006-03-12
|
| 162020
|
|
pop up XPInstall/security dialog when user is about to click
|
Core
|
Security
|
dveditz
|
RESO
|
FIXE
|
2024-06-02
|
| 229374
|
|
more to do for bug #157644...
|
MailNews Core
|
Networking: POP
|
mozilla
|
RESO
|
FIXE
|
2009-01-22
|
| 239580
|
|
default button in script-permission dialog should be "No"
|
Core
|
Security
|
mozilla
|
RESO
|
FIXE
|
2004-08-13
|
| 234058
|
|
Certificate name matching for non-FQDNs is insecure
|
NSS
|
Libraries
|
nelson
|
VERI
|
FIXE
|
2004-08-03
|
| 230608
|
|
large window.opened window can cover and spoof taskbar if parent is maximized
|
Core
|
DOM: Core & HTML
|
danm.moz
|
VERI
|
FIXE
|
2013-06-18
|
| 239121
|
|
Unblock port 1080
|
Core
|
Security
|
doug.turner
|
VERI
|
FIXE
|
2004-09-03
|
| 149478
|
|
XPI install confirmation should default to cancel, not Install
|
Core Graveyard
|
Installer: XPInstall
|
dveditz
|
VERI
|
FIXE
|
2015-12-11
|
| 245062
|
|
InstallTriggers should CheckLoadURI
|
Core Graveyard
|
Installer: XPInstall
|
dveditz
|
VERI
|
FIXE
|
2015-12-11
|
| 242915
|
|
PNG out-of-bounds read during error message processing
|
Core
|
Graphics: ImageLib
|
glennrp+bmo
|
VERI
|
FIXE
|
2004-07-08
|
| 251381
|
|
new libpng buffer overflow vulnerabilities
|
Core
|
Graphics: ImageLib
|
glennrp+bmo
|
VERI
|
FIXE
|
2006-03-12
|
| 244766
|
|
windows opened as chrome can open popups
|
SeaMonkey
|
UI Design
|
jag+mozilla
|
VERI
|
FIXE
|
2005-03-25
|
| 206859
|
|
can drag text into file upload control
|
Core
|
Security
|
john
|
VERI
|
FIXE
|
2023-06-20
|
| 246448
|
|
can spoof framed sites by changing frame contents
|
Core
|
Security
|
jstenback+bmo
|
VERI
|
FIXE
|
2013-06-09
|
| 253121
|
|
lock icon and certificates spoofable with onunload document.write
|
Core
|
Security
|
jstenback+bmo
|
VERI
|
FIXE
|
2006-03-23
|
| 240361
|
|
Crash in CERT_CheckValidTimes
|
NSS
|
Libraries
|
julien.pierre
|
VERI
|
FIXE
|
2007-03-22
|
| 250180
|
|
Shell: protocol allows access to local files and can lead to a DOS
|
Core Graveyard
|
File Handling
|
timeless
|
VERI
|
FIXE
|
2016-06-22
|
| 253782
|
|
Extremely large transparent PNG images crash [@ gfxImageFrame::SetAlphaData ] nearly all versions of Firefox and Mozilla
|
Core Graveyard
|
Image: Painting
|
tor
|
VERI
|
FIXE
|
2014-04-26
|