Wed Jul 17 2024 21:07:32 PDT
  • Keywords: fixed1.8.0.15
71 bugs found.
ID Type Summary Product Comp Assignee Status Resolution Updated
412363 Buffer overflow in external MIME bodies MailNews Core MIME bugmil.ebirol RESO FIXE 2008-07-31
267833 [FIX]Fire XBL constructors from EndUpdate(), not before Core XBL bzbarsky RESO FIXE 2008-03-08
362901 [FIX]nsCSSFrameConstructor::HaveFirstLetterStyle broken in the presence of asynchronous restyles or batching Core Layout bzbarsky RESO FIXE 2018-08-29
369814 jar: protocol is an XSS hazard due to ignoring mime type and being considered same-origin with hosting site Core Networking: JAR dave.camp RESO FIXE 2011-05-03
403331 Sort out jar: behavior on HTTP redirects Core Networking: JAR dave.camp RESO FIXE 2008-03-20
413250 chrome directory traversal (local disk access via "flat" addons) Core General dveditz RESO FIXE 2009-06-16
408076 out of bounds read in BMP decoder can lead to information disclosure Core Graphics: ImageLib gavin.sharp RESO FIXE 2008-03-12
384925 plug-in finder service does not use https for all XPI installation URIs Toolkit Graveyard Plugin Finder Servic benjamin RESO FIXE 2014-09-24
336303 [FIX]nsPrincipal::GetOrigin should dig into nested URIs Core Security bzbarsky RESO FIXE 2008-03-25
402649 [FIX]window.location race condition can be used to spoof referer header Core DOM: Core & HTML bzbarsky RESO FIXE 2019-03-13
295922 Client Auth "select cert automatically" is considered a privacy issue Core Graveyard Security: UI dveditz RESO FIXE 2016-09-27
417086 Use of colon (:) in hash/anchor part of chrome URL when using window.open results in an error. Firefox General dveditz RESO FIXE 2008-03-22
376473 [mz2] file action dialog controls vulnerable to refocus race Firefox Security gavin.sharp RESO FIXE 2008-03-18
405818 [FIX]Opening about:config results in warning about unresponsive script Core CSS Parsing and Comp bzbarsky RESO FIXE 2008-03-20
392149 -osint protection can be subverted via remote options Toolkit Startup and Profile ajschult784 RESO FIXE 2008-07-31
178993 MSIE-extension: HttpOnly cookie attribute for cross-site scripting vulnerability prevention Core Networking: Cookies avva RESO FIXE 2008-03-19
371572 Release SpiderMonkey 1.6.1 Core JavaScript Engine bob RESO FIXE 2008-10-12
353962 Firefox 2.0 often hangs in Intel Mac OS X 10.4.7 Core JavaScript Engine brendan RESO FIXE 2008-08-31
345305 Arbitrary code execution with Venkman JavaScript Debugger Other Applications G Venkman JS Debugger bugzilla-mozilla-20000923 RESO FIXE 2018-10-16
387258 plain text txt file viewing capability lost after having downloaded a txt file with content-disposition: attachment and content-type: plain/text Core Graveyard File Handling bzbarsky RESO FIXE 2016-08-26
396613 Crash [@gklayout!nsTableFrame::GetFrameAtOrBefore] Core Layout bzbarsky RESO FIXE 2008-05-23
397427 [FIX]Stylesheet href property shows redirected URL unlike other browsers Core CSS Parsing and Comp bzbarsky RESO FIXE 2010-02-23
346664 Arbitrary code execution with FireBug by using document.open or document.write Core Security dveditz RESO FIXE 2013-03-31
387543 web content can set httponly cookie by overwriting a non-httponly one Core Networking: Cookies dveditz RESO FIXE 2008-03-20
383181 Prevent creating/overwriting HttpOnly cookies from web content Core Networking: Cookies dwitte RESO FIXE 2008-03-20
325761 memory corruption in mozilla <object data='x-jsd:help'> Other Applications G Venkman JS Debugger gijskruitbosch+bugs RESO FIXE 2018-10-16
360701 Crash in js1_7/extensions/regress-355410.js browser with WAY_TOO_MUCH_GC Core JavaScript Engine igor RESO FIXE 2008-09-29
393537 Heap corruption on Out-of-Memory in jsopcode.c Core JavaScript Engine igor RESO FIXE 2008-03-20
402087 Setting GC-Zeal before JS_CompileScript() causes null-deref (obj->map == 0x0) in JSOP_DEFFUN Core JavaScript Engine igor RESO FIXE 2008-03-22
381300 Frame spoofing is possible within a short time frame while the window is loading. Core DOM: Core & HTML jstenback+bmo RESO FIXE 2019-03-13
240261 [1.8 branch] peer-trusted certs can use alt names to spoof Core Security: PSM kaie RESO FIXE 2008-07-04
279505 Crash in pop-up window on parent.close() due to double free. [@ nsCSSFrameConstructor::RestyleEvent::HandleEvent] Core DOM: Events MatsPalmgren_bugz RESO FIXE 2008-03-21
372075 javascript: URI evaluation should use sandboxed context for toString, etc Core DOM: Core & HTML mrbkap RESO FIXE 2019-03-13
386695 PAC privilege escalation using exception objects came from outside of sandbox Core Security mrbkap RESO FIXE 2008-03-22
387881 Arbitrary code execution by polluting implicit XPCNativeWrapper (using Script object) Core Security mrbkap RESO FIXE 2008-03-20
346663 Arbitrary code execution with DOM Inspector by using document.open or document.write Other Applications DOM Inspector nobody RESO FIXE 2009-01-25
378787 IE 7 and Firefox Browsers Digest Authentication Request Splitting Core Networking: HTTP sayrer RESO FIXE 2008-03-20
373911 xbl destructor bound to body causes trouble [@ nsXBLBinding::AllowScripts] Core XBL smaug RESO FIXE 2008-03-08
384105 Crash [@ PresShell::AttributeChanged] with menuitem sizetopopup="always", position: absolute and tree stuff Core Layout smaug RESO FIXE 2011-06-13
387033 Script may run when initializing nsTextBoxFrame Core Layout smaug RESO FIXE 2009-04-24
388784 Firefox file input focus stealing vulnerability Core Layout: Form Control smaug RESO FIXE 2008-03-20
361745 svg viewbox=twisted and image {width,height,x,y}=twisted [@ memset - fbRasterizeTrapezoid] Core Graphics tor RESO FIXE 2011-06-13
391028 drawImage with broken PNG draws random memory Core Graphics: Canvas2D vladimir RESO FIXE 2008-03-20
393326 [FIX]Crash [@ nsCSSFrameConstructor::RemoveFirstLetterFrames] with quotes, binding, position: fixed, display: -moz-box and first-letter Core Layout bzbarsky VERI FIXE 2011-06-13
400556 [FIX]Vulnerability allows script to see where user is headed, sniff history, and crash [@ nsDocShell::Destroy()] the browser too Core DOM: Core & HTML bzbarsky VERI FIXE 2019-03-13
402150 Buffer overrun [@ nsDocument::RetrieveRelevantHeaders] at provided URL Core DOM: Core & HTML dveditz VERI FIXE 2019-03-13
408256 Use a constant-size buffer in BMP decoder to reduce fragmentation Core Graphics: ImageLib gavin.sharp VERI FIXE 2008-03-12
399298 Bypassing XPCNativeWrapper by redefining XPCNativeWrapper Core Security mrbkap VERI FIXE 2008-03-22
406572 JSOP_CLOSURE unconditionally replaces properties of the variable object Core JavaScript Engine igor VERI FIXE 2012-10-16
404252 Potential XSS vulnerability because of U+0008 being treated as whitespace Core DOM: HTML Parser mrbkap VERI FIXE 2008-05-08
197052 crash if modification innerHTML of element in this element [@ js_EmitTree ] Core DOM: Core & HTML smaug VERI FIXE 2011-06-09
373344 Mousedown event listener changing body style and alert()ing crashes [@ PresShell::HandleEventInternal] browser Core DOM: UI Events & Foc smaug VERI FIXE 2019-03-13
407161 Garbled Japanese after bug 381412, XSS variant still possible Core DOM: HTML Parser VYV03354 VERI FIXE 2008-03-25
364801 ASSERTION: Some frame destructors were not called with this testcase that makes scrollbars disappear Core Layout roc VERI FIXE 2008-03-20
393141 Crash [@ nsAccessibilityService::GetAccessible] with display:none option inside optgroup Core Disability Access AP aaronlev VERI FIXE 2011-06-13
309322 Evil testcase using multiple display:table-caption causes crash if you are really determined [@ nsIFrame::HasView] Core Layout: Tables bernd_mozilla VERI FIXE 2013-10-13
388121 [FIX]about:blank loaded by chrome in particular ways has chrome privileges Core DOM: Core & HTML bzbarsky VERI FIXE 2019-03-13
404627 [FIX]XPinstall whitelist bypass using refresh after fix for bug 402649 Core DOM: Core & HTML bzbarsky VERI FIXE 2019-03-13
358594 "Assertion failure: vlength > n" calling uneval(this) (involves __proto__ and serialization using sharps?) Core JavaScript Engine crowderbt VERI FIXE 2008-03-08
372309 Crash in [@SetArrayElement] using canvas Core JavaScript Engine crowderbt VERI FIXE 2008-03-08
395942 QuickTime flaw allows launching default browser with arbitrary parameters on Windows ("quicktime pwns firefox") Core General dveditz VERI FIXE 2008-03-20
390078 GC hazard with JSstackFrame.argv[-1] Core JavaScript Engine igor VERI FIXE 2008-03-20
398085 Crash with large switch statement [@ js_Interpret] Core JavaScript Engine igor VERI FIXE 2012-01-23
407720 js_FindClassObject causes crashes with getter/setter Core JavaScript Engine igor VERI FIXE 2008-03-25
390597 watch point + eval-as-setter allows access to dead JSStackFrame Core JavaScript Engine mrbkap VERI FIXE 2008-03-29
346405 [columns] crash [@ nsColumnSetFrame::GetContentInsertionFrame] and [@ nsLineLayout::TrimTrailingWhiteSpaceIn] Core Layout roc VERI FIXE 2011-06-13
386914 Crash [@ nsXULDocument::ExecuteOnBroadcastHandlerFor] with DOMAttrModified event handler and observes Core XUL smaug VERI FIXE 2011-06-13
393762 Arbitrary code execution using an event handler attached to an element whose owner document has no script global object Core Security smaug VERI FIXE 2009-03-19
398088 Crash [@ nsXBLPrototypeBinding::AttributeChanged] with DOMAttrModified, <xul:progressmeter mode> Core XBL smaug VERI FIXE 2011-06-13
405299 Firefox file input focus stealing through label element dispatch mouse click event Core Layout: Form Control smaug VERI FIXE 2008-03-22
411072 "focus" Event can be used to set focus on file input and selectively capture keystrokes, which can be used to upload arbitrary files Core Security smaug VERI FIXE 2008-09-29
71 bugs found.
REST | CSV | Feed | iCalendar
Change Columns 		Edit Search