282105
|
|
[FIX]BoxObject's InvalidatePresentationStuff needs ability to tell document to remove it from its boxobject table
|
Core
|
XUL
|
bzbarsky
|
RESO
|
FIXE
|
2008-09-26
|
325947
|
|
[FIX]Site can cause user's file to be uploaded by changing input type
|
Core
|
Layout: Form Control
|
bzbarsky
|
RESO
|
FIXE
|
2006-06-03
|
313236
|
|
Access checks in XBL compilation scope can be circumvented
|
Core
|
Security
|
mrbkap
|
RESO
|
FIXE
|
2011-08-05
|
313375
|
|
DOM object can be used to circumvent security checks
|
Core
|
DOM: Core & HTML
|
mrbkap
|
RESO
|
FIXE
|
2019-03-13
|
316589
|
|
1.0.x split-window alternative
|
Core
|
DOM: Core & HTML
|
mrbkap
|
RESO
|
FIXE
|
2019-03-13
|
997021
|
|
Parking Report link
|
Invalid Bugs
|
General
|
nobody
|
RESO
|
INVA
|
2014-08-03
|
313724
|
|
Scripts can nullify explicit local roots by setting caller.arguments[n]
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2006-06-16
|
324223
|
|
[FIXr]Docshell should push null JSContext before calling window.open()
|
Core
|
DOM: Navigation
|
bzbarsky
|
RESO
|
FIXE
|
2006-07-14
|
284386
|
|
Build error using gcc4 (oiddata.h, incomplete type)
|
NSS
|
Build
|
caillon
|
RESO
|
FIXE
|
2006-02-02
|
224454
|
|
Prompts should not be application modal but just window modal
|
Core Graveyard
|
Embedding: GTK Widge
|
chpe
|
RESO
|
FIXE
|
2012-04-05
|
265599
|
|
crash in [@ GtkPromptService::Prompt]
|
Core Graveyard
|
Embedding: GTK Widge
|
chpe
|
RESO
|
FIXE
|
2012-04-05
|
300226
|
|
crash on exit when using gtk 2.7
|
Core
|
Widget: Gtk
|
chpe
|
RESO
|
FIXE
|
2006-02-10
|
302489
|
|
XMLHTTP TRACE method can reveal proxy passwords to web sites
|
Core
|
XML
|
darin.moz
|
RESO
|
FIXE
|
2007-04-01
|
323853
|
|
JB_BP not exported by newer glibc (2.4)
|
Core
|
XPCOM
|
dbaron
|
RESO
|
FIXE
|
2006-04-17
|
304330
|
|
CVE-2005-2353 run-mozilla.sh temporary file issue
|
Core Graveyard
|
Cmd-line Features
|
dveditz
|
RESO
|
FIXE
|
2009-09-17
|
318618
|
|
Unchecked malloc in CertReader
|
Core Graveyard
|
Installer: XPInstall
|
dveditz
|
RESO
|
FIXE
|
2015-12-11
|
327194
|
|
XSS by using .valueOf.call() or .valueOf.apply()
|
Core
|
Security
|
dveditz
|
RESO
|
FIXE
|
2007-04-01
|
333428
|
|
Fix for Bug 293527 can be circumvented
|
Core
|
Security
|
dveditz
|
RESO
|
FIXE
|
2006-06-03
|
298823
|
|
JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy()
|
Core
|
Security: CAPS
|
g.maone
|
RESO
|
FIXE
|
2006-03-12
|
333035
|
|
[1.0.8] Context menu broken on form elements (FF, TB, Suite)
|
Core
|
XUL
|
gavin.sharp
|
RESO
|
FIXE
|
2008-07-31
|
296514
|
|
event handler and modal dialog allows XSS attacks
|
Core
|
DOM: Events
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
313366
|
|
closed window holds its last security context
|
Core
|
DOM: Core & HTML
|
jstenback+bmo
|
RESO
|
FIXE
|
2019-03-13
|
303523
|
|
"Do not load remote images ..." blocks enigmail
|
SeaMonkey
|
MailNews: Message Di
|
mail
|
RESO
|
FIXE
|
2006-03-10
|
326154
|
|
add Yahoo search plugins for zh-TW and zh-CN
|
Firefox
|
Search
|
mike.shaver
|
RESO
|
FIXE
|
2006-02-13
|
303752
|
|
Forward inline attaches externally referenced local files and intranet files
|
MailNews Core
|
Composition
|
mozilla
|
RESO
|
FIXE
|
2008-07-31
|
311619
|
|
Fix for Bug 311024 does not block (new Script(code)).exec(window)
|
Core
|
Security
|
mrbkap
|
RESO
|
FIXE
|
2007-04-01
|
301329
|
|
Image-related items in context menu do not appear when images are disabled or for broken images.
|
Firefox Build System
|
General
|
neil
|
RESO
|
FIXE
|
2018-03-02
|
303713
|
|
textbox.dispatchEvent(keyEvent) no longer adds character to textbox in Firefox 1.0.6
|
Core
|
DOM: Events
|
neil
|
RESO
|
FIXE
|
2011-11-01
|
323634
|
|
Unprivileged access to window.controllers is possible
|
Core
|
XUL
|
neil
|
RESO
|
FIXE
|
2008-07-31
|
297750
|
|
wrong sequence of declaration in union fd_twoints on x86
|
Core
|
JavaScript Engine
|
nian.liu
|
RESO
|
FIXE
|
2006-02-17
|
271716
|
|
crash on infinite loop creating new arrays [@ JS_TypeOfValue]
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2006-07-07
|
312784
|
|
crash setting display:none on grid rows [@ nsGrid::GetPrefRowHeight]
|
Core
|
XUL
|
bzbarsky
|
VERI
|
FIXE
|
2011-06-13
|
313173
|
|
Crash with evil xul testcase, using table-caption/-moz-grid [@ nsGridRow::IsCollapsed][@ nsGrid::GetScrollBox]
|
Core
|
Layout
|
bzbarsky
|
VERI
|
FIXE
|
2011-06-13
|
312871
|
|
Content can access XBL compilation scope by using xbl.method.valueOf.call() or xbl.method.valueOf.apply()
|
Core
|
Security
|
mrbkap
|
VERI
|
FIXE
|
2011-08-05
|
319847
|
|
CVE-2006-0296 XULDocument.persist() allows an attacker to inject bogus RDF data into localstore.rdf
|
Core
|
Security
|
mrbkap
|
VERI
|
FIXE
|
2007-04-01
|
320459
|
|
Crash in Firefox 1.5 involving <legend>, <kbd>, and <object> [@ nsBlockFrame::IsFloatContainingBlock] [@ IsContinuationPlaceholder]
|
Core
|
Layout: Block and In
|
bzbarsky
|
VERI
|
FIXE
|
2011-06-13
|
328937
|
|
Table Rebuilding Code Execution Vulnerability (ZDI-06-011, CVE-2006-0748 )
|
Core
|
Layout: Tables
|
dveditz
|
VERI
|
FIXE
|
2007-01-08
|
310539
|
|
Checkin for Bug 280769 broke AIX tinderbox
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2006-03-21
|
298315
|
|
cross window function callback allows XSS & arbitrary code execution
|
Core
|
Security
|
jstenback+bmo
|
VERI
|
FIXE
|
2007-04-01
|
271194
|
|
When going from a secure to a non-secure page without clicking a button in the security dialog, the non-secure page appears as secure
|
Core
|
Security: PSM
|
kaie
|
VERI
|
FIXE
|
2013-02-23
|
321886
|
|
Crash when importing bookmarks from Firefox
|
Camino Graveyard
|
Bookmarks
|
mikepinkerton
|
VERI
|
FIXE
|
2006-02-27
|
319610
|
|
Installer fails reporting that Talkback is missing
|
SeaMonkey
|
Installer
|
mozpreed
|
VERI
|
FIXE
|
2006-02-27
|
319732
|
|
[@ nsTextEditorKeyListener::KeyPress] crash typing string to search for in page (find as you type) right after page is loaded; or in MailNews/emailCompose
|
Core
|
DOM: Editor
|
neil
|
VERI
|
FIXE
|
2006-03-12
|