| 293671
|
|
nsScriptSecurityManager::GetBaseURIScheme doesn't handle jar:view-source:
|
Core
|
Security
|
dbaron
|
RESO
|
FIXE
|
2006-03-12
|
| 290476
|
|
js_AllocStack doesn't clear space it returns
|
Core
|
JavaScript Engine
|
general
|
RESO
|
FIXE
|
2005-07-28
|
| 290908
|
|
new Script() can access chrome window and run arbitrary code with chrome privilege
|
Core
|
Security
|
brendan
|
RESO
|
FIXE
|
2007-04-01
|
| 272369
|
|
[s390] firefox -register results in SIGSEGV
|
Core
|
XPCOM
|
bugzilla
|
RESO
|
FIXE
|
2005-05-11
|
| 290982
|
|
The view-source: pseudo protocol can be used to do cross-domain scripting
|
Core
|
Security
|
darin.moz
|
RESO
|
FIXE
|
2007-04-01
|
| 290949
|
|
Link tag still allows to execute arbitrary code without user interaction (with view-source:javascript: URL)
|
Core
|
Security
|
dbaron
|
RESO
|
FIXE
|
2007-04-01
|
| 291150
|
|
fun with jar and rel="icon"
|
SeaMonkey
|
Tabbed Browser
|
dveditz
|
RESO
|
FIXE
|
2008-07-31
|
| 291745
|
|
cross site scripting if the user opens a link and then presses "back"
|
Firefox
|
Security
|
dveditz
|
RESO
|
FIXE
|
2006-05-12
|
| 292691
|
|
Full Remote Compromise using some of my previous vulns
|
Firefox
|
Security
|
dveditz
|
RESO
|
FIXE
|
2007-04-01
|
| 264324
|
|
incorrect defines in s390/s390x
|
NSPR
|
NSPR
|
wtc
|
RESO
|
FIXE
|
2005-05-04
|
| 295052
|
|
Crash when apply method is called on String.prototype.match
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2006-03-12
|
| 290777
|
|
Regression in defining getters on prototypes in content script
|
Core
|
XPConnect
|
brendan
|
VERI
|
FIXE
|
2006-03-12
|