| 272336
|
|
array_sort uses GC-unsafe temporary memory to hold jsvals
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2005-10-13
|
| 300008
|
|
chrome XBL method.eval allows arbitrary code execution
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2007-09-18
|
| 292589
|
|
[FIX]XBL load missing content policy check (Thunderbird not blocking remote content)
|
Core
|
XBL
|
bzbarsky
|
RESO
|
FIXE
|
2007-04-01
|
| 295457
|
|
NISCC vulnerability #891011 (Parsing of Various Image Formats by Web Browsers)
|
Core
|
Graphics: ImageLib
|
cbiesinger
|
RESO
|
FIXE
|
2005-12-02
|
| 217967
|
|
FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
|
Core
|
Security: CAPS
|
g.maone
|
RESO
|
FIXE
|
2010-10-05
|
| 290420
|
|
Firefox context menu code shouldn't rely on localname tests
|
Firefox
|
General
|
asaf
|
RESO
|
FIXE
|
2011-08-05
|
| 296397
|
|
obj.func.__proto__.__parent__ problem in chrome XBL
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2007-09-27
|
| 298730
|
|
ASSERTION: unexpected target property value: '!JSVAL_IS_PRIMITIVE(*vp)
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2005-07-28
|
| 292591
|
|
content XBL scripts run even when Javascript turned off (Thunderbird exposed to any JS exploit)
|
Core
|
XBL
|
bzbarsky
|
RESO
|
FIXE
|
2011-08-05
|
| 297374
|
|
missing this. in nsHelperAppDlg.js
|
Core Graveyard
|
File Handling
|
cbiesinger
|
RESO
|
FIXE
|
2016-06-22
|
| 293331
|
|
InstallTrigger may run callback on a different page than the page that triggered the install.
|
Core Graveyard
|
Installer: XPInstall
|
doug.turner
|
RESO
|
FIXE
|
2015-12-11
|
| 289236
|
|
Activate find as you type synthetically
|
Toolkit
|
Find Toolbar
|
dveditz
|
RESO
|
FIXE
|
2008-07-31
|
| 292774
|
|
"View Image" context menu allows chrome access
|
Firefox
|
Menus
|
dveditz
|
RESO
|
FIXE
|
2007-04-01
|
| 294323
|
|
function onFullScreen() should check for untrusted events
|
Firefox
|
Security
|
dveditz
|
RESO
|
FIXE
|
2007-04-01
|
| 297603
|
|
Some XBL bindings no longer compile the implementation when they should
|
Core
|
XBL
|
dveditz
|
RESO
|
FIXE
|
2006-03-12
|
| 298054
|
|
eval(string) crashes in XPInstall [@ nsInstall::~nsInstall()]
|
Core Graveyard
|
Installer: XPInstall
|
dveditz
|
RESO
|
FIXE
|
2015-12-11
|
| 298934
|
|
Replace "[Javascript Application]" in content-originating sheets with something more useful (SA15489)
|
Core
|
Security
|
dveditz
|
RESO
|
FIXE
|
2007-07-02
|
| 283730
|
|
"Save As" dialog tries to overwrite link/shortcut (.lnk) file instead of opening the directory/folder
|
Core Graveyard
|
File Handling
|
emaijala+moz
|
RESO
|
FIXE
|
2016-06-22
|
| 294307
|
|
seamonkey mailnews doing too-permissive content policy checks
|
SeaMonkey
|
Security
|
iannbugzilla
|
RESO
|
FIXE
|
2008-06-19
|
| 296764
|
|
arrow keys do not move cursor in input fields with javascript disabled
|
Core
|
DOM: UI Events & Foc
|
jonas
|
RESO
|
FIXE
|
2019-03-13
|
| 265536
|
|
PFS returns x86 plugin for AMD64 browser
|
Core
|
Networking: HTTP
|
jstenback+bmo
|
RESO
|
FIXE
|
2019-06-16
|
| 294795
|
|
QueryInterface.__proto__.__parent__ refers to the object generated by "nsExtensionManager.js"
|
Core
|
XPConnect
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
| 294799
|
|
Any_XPCOM_Object.anyFunction.__proto__.__parent__ refers to the invisible blank ChromeWindow
|
Core
|
Security
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
| 295011
|
|
QueryInterface() allows arbitrary code execution
|
Core
|
XPConnect
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
| 295093
|
|
Showing a blocked popup allows window.open feature titlebar=no
|
Core Graveyard
|
Embedding: APIs
|
jstenback+bmo
|
RESO
|
FIXE
|
2019-03-26
|
| 296467
|
|
crash hitting ctrl+h
|
Core
|
XPConnect
|
jstenback+bmo
|
RESO
|
FIXE
|
2006-03-12
|
| 296704
|
|
trusted event reinitialization allows data-theft
|
Core
|
DOM: Events
|
jstenback+bmo
|
RESO
|
FIXE
|
2008-01-16
|
| 296830
|
|
same origin violation: child frames calling rewritten top.focus() [sa15549]
|
Core
|
DOM: Core & HTML
|
jstenback+bmo
|
RESO
|
FIXE
|
2008-11-10
|
| 296850
|
|
Frame injection spoofing with targets (bug 246448 returns - SA15601)
|
Core
|
DOM: Navigation
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
| 297543
|
|
Adblock is exploitable
|
Core
|
Security
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
| 298892
|
|
Node spoofing (using e.g. XHTML) to bypass security checks
|
Core
|
Security
|
jstenback+bmo
|
RESO
|
FIXE
|
2007-04-01
|
| 293424
|
|
Malicious website can access chrome
|
Core
|
Security: CAPS
|
mconnor
|
RESO
|
FIXE
|
2007-04-01
|
| 290829
|
|
place holders in helper app dialog are not replaced
|
Core Graveyard
|
File Handling
|
neil
|
RESO
|
FIXE
|
2016-06-22
|
| 289864
|
|
Page crashes system (blue screen) with oversized image
|
Core Graveyard
|
Image: Painting
|
nobody
|
RESO
|
WORK
|
2011-08-05
|
| 284716
|
|
Create DDBs in nsImageWin::Optimize
|
Core Graveyard
|
GFX: Win32
|
paper
|
RESO
|
FIXE
|
2009-01-22
|
| 297807
|
|
Java 1.4.2 SR2 plug-in and later cause Mozilla to crash
|
Core Graveyard
|
Plug-ins
|
pkwarren
|
RESO
|
FIXE
|
2022-05-16
|
| 292464
|
|
event listeners added using addEventListener() listen only trusted events
|
Core
|
DOM: Events
|
smaug
|
RESO
|
FIXE
|
2006-03-12
|
| 295854
|
|
(new InstallVersion()).compareTo(/x/) crashes [@ConvertJSValToObj]
|
Core Graveyard
|
Installer: XPInstall
|
timeless
|
RESO
|
FIXE
|
2015-12-11
|
| 293778
|
|
[FIXr]bookmarks toolbar missing in 2nd opened window, links in second window possibly cause crash
|
Core
|
XBL
|
bzbarsky
|
VERI
|
FIXE
|
2005-06-17
|
| 295210
|
|
[FIXr]Tab title different from window title on initial load at gmail
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
VERI
|
FIXE
|
2019-03-13
|
| 298478
|
|
Downloads fail with "..could not be saved, because the source file could not be read" (error in JS Console: "Error: uncaught exception:Permission denied to get property RegExp.constructor")
|
Core
|
XUL
|
jstenback+bmo
|
VERI
|
FIXE
|
2006-01-15
|
| 299209
|
|
anonymous function expression statement => JS stack overflow [crash in js3250.dll + (0002c7d4)]
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2009-02-09
|
| 141818
|
|
Table with large rowspans and colspans hangs the browser
|
Core
|
Layout: Tables
|
bernd_mozilla
|
VERI
|
FIXE
|
2014-04-26
|
| 297930
|
|
Suite version needs to be bumped to 1.7.9
|
SeaMonkey
|
General
|
chase
|
VERI
|
FIXE
|
2005-07-14
|
| 299252
|
|
Problems with redraw of screen with Gecko/20050630
|
Core Graveyard
|
GFX: Win32
|
dveditz
|
VERI
|
FIXE
|
2009-01-22
|
| 299901
|
|
Middle click fail on links with nested tags
|
Core
|
DOM: UI Events & Foc
|
gavin.sharp
|
VERI
|
FIXE
|
2019-03-13
|
| 288006
|
|
Drag image across browser windows --> crash [@ msvcrt.dll + 0x378c0 (0x77c378c0) 517abc0f]
|
Core
|
DOM: Copy & Paste an
|
jstenback+bmo
|
VERI
|
FIXE
|
2006-03-12
|
| 289940
|
|
Chrome code needs to be protected from untrusted events.
|
Core
|
DOM: Events
|
jstenback+bmo
|
VERI
|
FIXE
|
2006-08-28
|
| 299463
|
|
File res/hiddenWindow.html missing in installer build
|
SeaMonkey
|
Installer
|
jstenback+bmo
|
VERI
|
FIXE
|
2006-02-02
|
| 273778
|
|
If target folder for filter is deleted/moved received mail is not visible in INBOX
|
MailNews Core
|
Filters
|
mozilla
|
VERI
|
FIXE
|
2008-07-31
|
| 299816
|
|
Crashes when executing javascript with for cycle to 20000 calling function(){}; in another function
|
Core
|
JavaScript Engine
|
nobody
|
VERI
|
FIXE
|
2006-08-19
|
| 296270
|
|
Default user agent on AIX contains machine information
|
Core
|
Networking: HTTP
|
pkwarren
|
VERI
|
FIXE
|
2005-06-03
|
| 292326
|
|
Arrowscrollbox doesn't scroll on hover
|
Core
|
XUL
|
roc
|
VERI
|
FIXE
|
2008-12-26
|
| 245631
|
|
Crash loading .ico file [@ nsICODecoder::ProcessData ]
|
Core
|
Graphics: ImageLib
|
son.le0
|
VERI
|
FIXE
|
2006-03-12
|