| 755284
|
|
Fingerprintable information in update behavior
|
Toolkit
|
Application Update
|
nobody
|
UNCO
|
---
|
2024-06-10
|
| 973422
|
|
'clear recent history' forgets what page you're really on
|
Toolkit
|
Data Sanitization
|
nobody
|
UNCO
|
---
|
2022-01-24
|
| 1534581
|
|
Exposed chrome:// resources allow browser version, OS, and locale detection
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1696632
|
|
User tracking (privacy violation) via cached HTTP 301 permanent redirects
|
Core
|
Networking: HTTP
|
nobody
|
UNCO
|
---
|
2022-09-08
|
| 1828374
|
|
miss matching cache in Firefox could be result in network traffic hijacking or information leaking
|
Core
|
Networking: Cache
|
nobody
|
UNCO
|
---
|
2023-04-30
|
| 960875
|
|
Optionally limit possible browser size to increments of some number
|
Core
|
DOM: Core & HTML
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1605229
|
|
use Bing InPrivate search in Firefox's Private mode when Bing is set as default search engine
|
Firefox
|
Search
|
nobody
|
UNCO
|
---
|
2023-12-03
|
| 320925
|
|
"Clear private data" (sanitize) feature should have an option to clear the last used download target directory name and path
|
Firefox
|
Settings UI
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 402398
|
|
data insecurity - winXP with more users -> also session restore for other users!
|
Toolkit
|
Startup and Profile
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 650827
|
|
Implement the Right to Be Forgotten on Thunderbird's mail headers
|
Thunderbird
|
Message Compose Wind
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 662257
|
|
Save attachment folder defaults to Thunderbird installation folder if last folder used is disconnected network directory / share
|
Thunderbird
|
OS Integration
|
nobody
|
UNCO
|
---
|
2015-09-26
|
| 679921
|
|
sessionstore.json sessionstore.bak not encrypted (SeaMonkey and Firefox)
|
SeaMonkey
|
Session Restore
|
nobody
|
UNCO
|
---
|
2012-03-21
|
| 705544
|
|
Preferences/Privacy/History does not honour my setting
|
Firefox
|
Settings UI
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 705704
|
|
Hide email address in From: selection
|
Thunderbird
|
Message Compose Wind
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 891629
|
|
Blocking storage of HSTS data for third-party domains (when requested)
|
Core
|
Security
|
nobody
|
UNCO
|
---
|
2022-10-10
|
| 962552
|
|
Clear history completely
|
Firefox
|
General
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1033374
|
|
impossible to copy-paste parts of a link without visiting it. text select opens link
|
Thunderbird
|
Message Reader UI
|
nobody
|
UNCO
|
---
|
2024-05-01
|
| 1279720
|
|
Require "Search Google for <message text selection>" feature from message reader context menu to be opt-in (to avoid accidental privacy violations)
|
Thunderbird
|
Message Reader UI
|
nobody
|
UNCO
|
---
|
2023-02-14
|
| 1287952
|
|
Feature rqst: Same behavior for third-party content as for cookies in Firefox
|
Core
|
General
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1741519
|
|
RFE: confidentiality classification (msip_labels)
|
Thunderbird
|
Message Compose Wind
|
nobody
|
UNCO
|
---
|
2024-05-23
|
| 1743305
|
|
Pure CSS browser fingerprinting and cross-origin CSS 'supercookie'.
|
Core
|
CSS Parsing and Comp
|
nobody
|
UNCO
|
---
|
2022-09-26
|
| 1758660
|
|
Received mail reveals default identity/mail-address
|
Thunderbird
|
Message Compose Wind
|
nobody
|
UNCO
|
---
|
2022-08-26
|
| 1839046
|
|
Link preview in iOS cannot be disabled
|
Focus
|
Security: iOS
|
nobody
|
UNCO
|
---
|
2023-09-21
|
| 1884361
|
|
No clearing of cookies on the site mail.ru
|
Toolkit
|
Data Sanitization
|
nobody
|
UNCO
|
---
|
2024-06-09
|
| 1898608
|
|
sanitize/clean recipients: option to automatically remove display names from addresses before sending mail
|
Thunderbird
|
Message Compose Wind
|
nobody
|
UNCO
|
---
|
2024-06-18
|
| 1906841
|
|
Email drafts get sent on autosave
|
Thunderbird
|
Message Compose Wind
|
nobody
|
UNCO
|
---
|
Tue 04:18
|
| 1152448
|
|
"Forget About This Site" does not forget site's enumerateDevices Ids
|
Core
|
WebRTC: Audio/Video
|
nobody
|
NEW
|
---
|
Tue 09:35
|
| 1401362
|
|
Consider disabling BroadcastChannel in contexts where storage is disabled
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2023-12-06
|
| 1484916
|
|
Firefox for iOS does not show an indicator for "passive" mixed-content
|
Firefox for iOS
|
General
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1623256
|
|
Page steals focus from doorhanger while editing details of a newly saved password
|
Core
|
DOM: UI Events & Foc
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1679518
|
|
Pasting an image from browser into composition silently defaults to linking and *not* attaching the inline image to the message
|
MailNews Core
|
Composition
|
nobody
|
NEW
|
---
|
2022-11-08
|
| 1711084
|
|
Scheme flooding technique for reliable cross-browser fingerprinting
|
Core
|
Privacy: Anti-Tracki
|
nobody
|
NEW
|
---
|
2023-04-26
|
| 1742946
|
|
Catch-all identity/email address leaks into guest list when accepting invitation - should honor catch-all and use the invited email address
|
Calendar
|
E-mail based Schedul
|
nobody
|
NEW
|
---
|
2022-08-17
|
| 1827837
|
|
Some entries may persist as tags when the original bookmark was removed
|
Toolkit
|
Places
|
nobody
|
NEW
|
---
|
2023-04-26
|
| 271917
|
|
Bcc: and Cc: fall back to To: in compose window when double clicking a contact/email address/recipient/mailing list in contacts sidebar
|
Thunderbird
|
Message Compose Wind
|
acelists
|
NEW
|
---
|
2024-05-17
|
| 1868814
|
|
Pressing ⌘Return in the address bar doesn't open a new tab in the current container
|
Firefox
|
Address Bar
|
jberman
|
NEW
|
---
|
2024-07-10
|
| 263290
|
|
view-source: protocol allows viewing "cache-control: no-store" pages that are no longer being displayed
|
Core
|
Networking: Cache
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 463607
|
|
Interaction of Clear Recent History dialog and the private browsing mode
|
Firefox
|
Private Browsing
|
nobody
|
NEW
|
---
|
2024-01-21
|
| 464417
|
|
Forget About this Site doesn't close open tabs
|
Toolkit
|
Data Sanitization
|
nobody
|
NEW
|
---
|
2022-01-25
|
| 475881
|
|
Private browsing mode warning doesn't mention that newly-installed client certificates are not cleared when exiting private browsing mode
|
Firefox
|
Private Browsing
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 513421
|
|
Never remember history option should notify the user that previous history won't be removed
|
Firefox
|
Settings UI
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 530594
|
|
Session restore can result in excessive session cookie lifespan
|
Firefox
|
Session Restore
|
nobody
|
NEW
|
---
|
2024-05-15
|
| 606403
|
|
Forget About this Site doesn't purge entries in session history
|
Toolkit
|
Data Sanitization
|
nobody
|
NEW
|
---
|
12:32:32
|
| 652002
|
|
Clear Recent History must clear OCSP cache when "Site Specific Settings" is checked
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 652003
|
|
Clear Recent History must clear intermediate certs cached during the given time period
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 657237
|
|
Session tickets generated by libssl leak length of client certificate
|
NSS
|
Libraries
|
nobody
|
NEW
|
---
|
2023-11-06
|
| 724179
|
|
Gecko sends cookies and HTTP auth credentials in mixed-content requests
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 736373
|
|
Limit or remove OS information in User-Agent
|
Core
|
Networking: HTTP
|
nobody
|
NEW
|
---
|
2024-06-10
|
| 803582
|
|
Usage of OCSP fetching makes Firefox slow
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2023-09-02
|
| 907707
|
|
Security issues related to users making directories available to a page via <input type=file directory> or drag-and-drop
|
Core
|
DOM: Forms
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 912202
|
|
Unify site-specific and third party permission across all forms of local storage
|
Core
|
Storage: IndexedDB
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 1102808
|
|
[meta] Clear Recent History / Forget button blind spots
|
Toolkit
|
Data Sanitization
|
nobody
|
NEW
|
---
|
2024-05-14
|
| 1233846
|
|
WebSpeech Synthesis API mustn't allow fingerprinting
|
Core
|
Web Speech
|
nobody
|
NEW
|
---
|
2023-10-02
|
| 1245578
|
|
nsCookieService is not shutdown-safe
|
Core
|
Networking: Cookies
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1265356
|
|
Downloads with blocked data should be deleted after some time
|
Toolkit
|
Downloads API
|
nobody
|
NEW
|
---
|
2024-04-11
|
| 1293420
|
|
Should we disable mix-blend-mode because it can lead to a history leakage attack?
|
Core
|
CSS Parsing and Comp
|
nobody
|
NEW
|
---
|
2023-10-08
|
| 1315203
|
|
XSHM: Cross Site History Manipulation (information leakage)
|
Core
|
DOM: Navigation
|
nobody
|
NEW
|
---
|
2024-01-01
|
| 1333186
|
|
Cannot deny camera/microphone sharing permissions individually
|
Core
|
WebRTC
|
nobody
|
NEW
|
---
|
2023-02-24
|
| 1372288
|
|
[meta] WebExtensions can be used as user fingerprint
|
WebExtensions
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1382708
|
|
Unable to manually clear recently closed tabs
|
Firefox for iOS
|
Firefox Accounts
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1391236
|
|
Unable to restrict saving entered keystrokes in the places.sqlite file's moz_inputhistory table (privacy issue)
|
Toolkit
|
Places
|
nobody
|
NEW
|
---
|
2022-12-19
|
| 1398414
|
|
Key :visited per origin (first-party-isolation / partitioning for :visited).
|
Core
|
CSS Parsing and Comp
|
nobody
|
NEW
|
---
|
2024-05-09
|
| 1405971
|
|
Webextension UUID leak via Fetch requests
|
WebExtensions
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1420653
|
|
DeviceId is persisted even if cookies are disabled, allowing persistent fingerprint
|
Core
|
WebRTC: Audio/Video
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1422482
|
|
OS username disclosure using downloads manager
|
Firefox
|
Downloads Panel
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1427244
|
|
Enforce privacy settings on next startup, when previous application close was due to a crash
|
Firefox
|
Session Restore
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1489853
|
|
keyword.enabled not honored with trailing colon for about:
|
Firefox
|
Address Bar
|
nobody
|
NEW
|
---
|
2023-01-03
|
| 1517520
|
|
Links clicked in Browser Toolbox in private mode are opened in normal mode, leading to the urls and data being stored with them forever in chrome_debugger_profile.
|
DevTools
|
General
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1536382
|
|
Implement requestPermission() for DeviceOrientationEvent and DeviceMotionEvent
|
Core
|
DOM: Device Interfac
|
nobody
|
NEW
|
---
|
2023-11-16
|
| 1543897
|
|
Session Restore just restored a private window
|
Firefox
|
Session Restore
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1546295
|
|
Forget about this site does not delete notification data
|
Toolkit
|
Data Sanitization
|
nobody
|
NEW
|
---
|
2023-12-27
|
| 1546969
|
|
Privacy leak in private browsing mode via downloading data
|
Toolkit
|
Downloads API
|
nobody
|
NEW
|
---
|
2024-04-14
|
| 1568911
|
|
2kb of cache returns after deleting from about:preferences#privacy -> Cookies -> Clear data...
|
Firefox
|
Settings UI
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1639597
|
|
Persistent Private mode is not kept after Restart to update intervention is selected.
|
Firefox
|
Address Bar
|
nobody
|
NEW
|
---
|
2022-12-19
|
| 1642623
|
|
User's search term is accidentally sent to ISP without user's consent.
|
Firefox
|
Address Bar
|
nobody
|
NEW
|
---
|
2022-08-31
|
| 1700465
|
|
saving har logs for tech support may expose your credentials and user is not warned about it
|
DevTools
|
Netmonitor
|
nobody
|
NEW
|
---
|
2021-03-26
|
| 1730797
|
|
Using capped, unpartitioned thread-pools for cross-site and / or cross-profile communication
|
Core
|
Privacy: Anti-Tracki
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1742707
|
|
Default button on dialog widget triggers even when modifier keys are used, but should react to plain `Enter` keypress only
|
Toolkit
|
UI Widgets
|
nobody
|
NEW
|
---
|
2023-11-20
|
| 1826842
|
|
Visiting discord.gg invite link bypasses private browsing due to its local server
|
Firefox
|
Private Browsing
|
nobody
|
NEW
|
---
|
2023-06-13
|
| 1839230
|
|
Firefox 114 "Clear History" does not clear download history
|
Firefox
|
Downloads Panel
|
nobody
|
NEW
|
---
|
2023-11-01
|
| 1839479
|
|
Permissions preserved between Private Browsing sessions (e.g. HTTPS-only mode exceptions)
|
Core
|
Permission Manager
|
nobody
|
NEW
|
---
|
2023-06-26
|
| 1841429
|
|
Firefox 115 Bookmark Toolbar - Firefox connects(preload) with a right click to web page
|
Firefox
|
Bookmarks & History
|
nobody
|
NEW
|
---
|
2023-07-21
|
| 1853005
|
|
Malicious File Downloads via detecting header differences between the <embed> Tag and "save video" context menu item
|
Firefox
|
Menus
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1872607
|
|
keyword.enabled suggests to execute a search if the typed string ends with *
|
Firefox
|
Address Bar
|
nobody
|
NEW
|
---
|
2024-01-22
|
| 1880634
|
|
MozTogglePictureInPicture event is visible to web content
|
Toolkit
|
Picture-in-Picture
|
nobody
|
NEW
|
---
|
2024-06-02
|
| 1892524
|
|
Mv3 add-on's request to always access a site is persisted even if requested wrt a site in Private Browsing
|
WebExtensions
|
General
|
nobody
|
NEW
|
---
|
2024-05-06
|
| 1892638
|
|
Vulnerability - a website could detect opening the browser devtools with 100% accuracy due to a bug in previewers.js
|
DevTools
|
Console
|
nobody
|
NEW
|
---
|
2024-06-04
|
| 1276177
|
|
Security Disclosure: Malicious use of the phone's Gyroscope
|
Core
|
DOM: Device Interfac
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 253331
|
|
Search bar's text should be cleared after a search is performed
|
Firefox
|
Search
|
nobody
|
NEW
|
---
|
2023-08-30
|
| 279562
|
|
Copy and paste of an ftp link can reveal account/password
|
Core
|
DOM: Serializers
|
nobody
|
NEW
|
---
|
2020-12-14
|
| 317260
|
|
Clear Private Data should use safe deletion (data scrubbing)
|
Toolkit
|
Data Sanitization
|
nobody
|
NEW
|
---
|
2022-01-24
|
| 446261
|
|
Clear Private Data should also reset last directory saved to
|
Toolkit
|
Data Sanitization
|
nobody
|
NEW
|
---
|
2022-01-24
|
| 565740
|
|
Clear the chrome search field input when navigated away from the results page, and make it tab-specific
|
Firefox
|
General
|
nobody
|
NEW
|
---
|
2022-10-17
|
| 572650
|
|
[meta] Reduce the amount of data and entropy sent out in HTTP requests
|
Core
|
Networking: HTTP
|
nobody
|
NEW
|
---
|
2024-06-10
|
| 605658
|
|
Home page settings are revealed in about:support but should be hidden unless needed for support
|
Toolkit
|
General
|
nobody
|
NEW
|
---
|
2023-04-19
|
| 644020
|
|
Client cert dialog should indicate whether cert will be sent in the clear or encrypted
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 1156107
|
|
<meta name=referrer> doesn't work when a popup created via target=_blank on a javascript: URI is navigated by that javascript: URI
|
Core
|
DOM: Navigation
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1211669
|
|
The Clock is Still Ticking: Timing Attacks in the Modern Web
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1233289
|
|
Focusing the searchbar shouldn't refetch suggestions
|
Firefox
|
Search
|
nobody
|
NEW
|
---
|
2021-01-29
|
| 1310626
|
|
Don't make thumbnails of pages where the camera is in use
|
Firefox
|
New Tab Page
|
nobody
|
NEW
|
---
|
2022-11-14
|
| 1393387
|
|
Some registry folders, values and data are not deleted after uninstalling Firefox
|
Firefox
|
Installer
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 1749129
|
|
Side-channel attack can deanonymize users (potential risk to journalists and activists)
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2023-06-06
|
| 1768639
|
|
Bookmarks sidebar folder opening state is shared/stored from private windows (persisted after Firefox restart)
|
Firefox
|
Bookmarks & History
|
nobody
|
NEW
|
---
|
2023-01-27
|
| 1810358
|
|
Android Mozilla Screenshot Prevention Bug
|
Fenix
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1890914
|
|
pwa cookies, account history leak from private mode
|
Fenix
|
PWA
|
nobody
|
NEW
|
---
|
2024-06-12
|
| 941139
|
|
Changing sender of reopened draft message (with 1 other field manually prefilled) does not prompt to save msg when closing: verify / finetune behaviour of gContentChanged with senders/identities (which might involve auto-cc/bcc recipients)
|
Thunderbird
|
Message Compose Wind
|
acelists
|
NEW
|
---
|
2013-11-26
|
| 136782
|
|
"Send Page" should not put a link for file:/// URLs into the compose frame
|
SeaMonkey
|
MailNews: Message Di
|
mail
|
NEW
|
---
|
2008-07-20
|
| 186834
|
|
Removing POP account does not forget password
|
SeaMonkey
|
MailNews: Account Co
|
mail
|
NEW
|
---
|
2021-03-10
|
| 442526
|
|
Remote content in e-mails is blocked even if explicitly allowed for a message when "Accept all images" is not selected
|
SeaMonkey
|
MailNews: Message Di
|
mail
|
NEW
|
---
|
2008-06-28
|
| 24418
|
|
[meta] Allow user to turn on and off rendering of video/audio (disable sound)
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 58979
|
|
store all compose temp files in directory under /tmp, and remove that directory on quit
|
MailNews Core
|
Composition
|
nobody
|
NEW
|
---
|
2023-08-14
|
| 64800
|
|
Deletion of news accounts don't delete newsrc files
|
MailNews Core
|
Networking: NNTP
|
nobody
|
NEW
|
---
|
2021-11-20
|
| 67702
|
|
Forwarding mail should remove JavaScript from the message
|
MailNews Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 102015
|
|
Recent Pages list cannot be cleared from prefs dialog
|
SeaMonkey
|
Composer
|
nobody
|
NEW
|
---
|
2009-06-01
|
| 220370
|
|
Allow user to select which address book(s) to use for autocompletion (expose existing per-AB pref to include/exclude AB from auto-completing); prevent privacy issues when inactive/undesired addresses are autocompleted
|
Thunderbird
|
Address Book
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 241572
|
|
Drop file into HTML message body should not generate "file://" URL text
|
MailNews Core
|
Composition
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 257309
|
|
Return receipts should not reveal forwarded email addresses in headers
|
MailNews Core
|
Backend
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 263220
|
|
Block remote images: Investigate ways of not whitelisting if From: address same as To: (forgery)
|
Thunderbird
|
Message Reader UI
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 278176
|
|
Remote server hits reading mail possible using news: (gopher no longer a problem)
|
Thunderbird
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 286888
|
|
Always make compacting folders automatic, with no UI
|
MailNews Core
|
Backend
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 307828
|
|
Information leak of file names being viewed from web pages
|
Firefox
|
File Handling
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 314755
|
|
sanitization at shutdown sometimes fails (resulting in a confirmation dialog for clearing private data when firefox starts)
|
Firefox
|
General
|
nobody
|
NEW
|
---
|
2024-02-03
|
| 342612
|
|
training.dat leaks words in encrypted email
|
Thunderbird
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 343999
|
|
window.home() incorrectly handles multiple home pages specified with |
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 353800
|
|
support "Sensitivity" header field (values: personal, private, company confidential) as per RFC 987
|
Thunderbird
|
Mail Window Front En
|
nobody
|
NEW
|
---
|
2024-05-23
|
| 356919
|
|
After sending an e-mail with an attachment received by Thunderbird using SimpleMAPI, the temporary moz_mapi attachment file doesn't get automatically deleted, if the file has read-only attribute or is locked at the time of sending
|
Thunderbird
|
Message Compose Wind
|
nobody
|
NEW
|
---
|
2022-09-13
|
| 378046
|
|
Mail composition: opening/editing attached file sometimes unexpectedly opens/edits original file (only if attachment was added via TB OR drag-and-drop (non-MAPI) AND draft has never been closed yet): MAPI and non-MAPI behaviour should be consistent
|
Thunderbird
|
Message Compose Wind
|
nobody
|
NEW
|
---
|
2023-05-17
|
| 402144
|
|
web-based content handlers could leak secure URIs
|
Firefox
|
File Handling
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 402730
|
|
Purge IMAP cache on exit for privacy
|
Thunderbird
|
Preferences
|
nobody
|
NEW
|
---
|
2024-02-15
|
| 406279
|
|
Changing Master Password Leaves Browser in Logged-In State
|
SeaMonkey
|
Passwords & Permissi
|
nobody
|
NEW
|
---
|
2021-03-10
|
| 407582
|
|
Thunderbird doesn't respect primary email address of OS X address book when sending messages to a list
|
MailNews Core
|
Address Book
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 429846
|
|
Copy and Paste breaks mail-internal links <a href="#anchor"> (private profile links get sent, broken)
|
Thunderbird
|
Message Compose Wind
|
nobody
|
NEW
|
---
|
2015-12-09
|
| 431782
|
|
HTTP redirects can bypass content policies
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 434457
|
|
Logout-Button doesn't work. (passwords)
|
SeaMonkey
|
Passwords & Permissi
|
nobody
|
NEW
|
---
|
2021-03-10
|
| 493124
|
|
Deleting a closed page in history does not delete its instance as a recently closed tab
|
Firefox
|
Session Restore
|
nobody
|
NEW
|
---
|
2022-10-17
|
| 504330
|
|
Contacts Sidebar hijacks Ctrl+A keybinding in Compose window on MacOS (instead of moving cursor, unexpectedly adds selected contacts as recipients)
|
Thunderbird
|
Message Compose Wind
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 504795
|
|
Page Shows up in Print History
|
Firefox
|
Private Browsing
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 517316
|
|
Opening non-hyperlinked URLs (using context menu) should not send referrer
|
Firefox
|
Menus
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 524874
|
|
Attaching Windows shortcuts (.lnk files) *via drag and drop* lies about file size and type and creates useless attachments (original file with .lnk extension)
|
Thunderbird
|
Message Compose Wind
|
nobody
|
NEW
|
---
|
2022-02-20
|
| 553406
|
|
Crash reporter can leak info from Private Browsing mode
|
Toolkit
|
Crash Reporting
|
nobody
|
NEW
|
---
|
2024-06-26
|
| 563595
|
|
No button to delete local synchronized mail only
|
Thunderbird
|
Account Manager
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 581515
|
|
dragging attachment from received message to compose window can attach the wrong file
|
Thunderbird
|
Message Compose Wind
|
nobody
|
NEW
|
---
|
2022-09-13
|
| 599294
|
|
Let me confirm/pref HTML5 storage for sites
|
Firefox
|
Settings UI
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 616619
|
|
Autocomplete allows sites to see what other sites a user has visited and possible data as well
|
Toolkit
|
Form Manager
|
nobody
|
NEW
|
---
|
2024-04-01
|
| 620853
|
|
Holding Ctrl+Enter a little too long causes unintentional confirmation of "Send Message?" prompt, and sends multiple copies of the message - only plain Enter (without modifier key) should confirm the prompt
|
Thunderbird
|
Message Compose Wind
|
nobody
|
NEW
|
---
|
2024-06-21
|
| 654502
|
|
[meta] Improve Thunderbird's scam / phishing detection and user interaction
|
Thunderbird
|
General
|
nobody
|
NEW
|
---
|
2023-02-17
|
| 659306
|
|
unexptected favicon connection to Web when open Preferences/Applications
|
Firefox
|
Settings UI
|
nobody
|
NEW
|
---
|
2024-02-27
|
| 664634
|
|
Improve Thunderbird's behavior if an invalid certificate is seen for a host with a previous good certificate
|
Thunderbird
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 664636
|
|
Thunderbird should (semi-)automatically improve the security-related server configuration settings when it knows an improvement could be made
|
Thunderbird
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 666782
|
|
Firefox updates bookmarks favicons while In Private Browsing.
|
Firefox
|
Private Browsing
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 669160
|
|
Search will remember address after deleting all emails and address book entries for that address
|
Thunderbird
|
Search
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 684033
|
|
Protect user privacy by implementing "click to play" for social network buttons
|
Firefox
|
General
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 684035
|
|
Saving attachment from X-Mozilla-External-Attachment-URL presents no dialog before downloading URL
|
Thunderbird
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 749541
|
|
Encrypt email addresses in old emails and address book
|
Thunderbird
|
Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 818337
|
|
Provide Usable and Effective Third-Party Web Tracking Countermeasures (Meta)
|
Firefox
|
General
|
nobody
|
NEW
|
---
|
2022-10-17
|
| 864047
|
|
Combine -- and Delete -- Special Caches with General Cache
|
SeaMonkey
|
Preferences
|
nobody
|
NEW
|
---
|
2016-03-23
|
| 877159
|
|
[Meta] Tracker bug for attachment paradigm failures - "attach/embed immediate snapshot" VS. "attach/embed later when sending"
|
Thunderbird
|
Message Compose Wind
|
nobody
|
NEW
|
---
|
2024-06-12
|
| 904341
|
|
Content-blocking Add-Ons and Tracking Protection not working with background thumbnails
|
Firefox
|
General
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 921462
|
|
"Reset Firefox" UI does not mention the desktop backup of the old profile
|
Firefox
|
Migration
|
nobody
|
NEW
|
---
|
2023-06-15
|
| 942613
|
|
formhistory.sqlite: Will not be cleared when removing history, when form history is not enabled
|
Toolkit
|
Form Manager
|
nobody
|
NEW
|
---
|
2023-06-24
|
| 959893
|
|
[meta] WebRTC Internal IP Address Leakage
|
Core
|
WebRTC: Signaling
|
nobody
|
NEW
|
---
|
2023-05-16
|
| 989606
|
|
Use Web of Trust data to improve spam/scam detection (wot)
|
Thunderbird
|
Filters
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1028733
|
|
Folder to which a file was saved in Private session, and used for opening in normal session
|
Firefox
|
File Handling
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1038296
|
|
Use of Places and related browsing-history mechanisms in Thunderbird [meta]
|
Thunderbird
|
General
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1074134
|
|
Remote content not blocked in attached messages (forward as attachment) if sender white-listed him/herself in the remote content exceptions (comment #21)
|
Thunderbird
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1095967
|
|
Icon of web notification API bypasses CSP and it's request shares cookie between non-private mode and private mode
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1167856
|
|
Client configuration leakage via JS/protocol checking
|
Core
|
General
|
nobody
|
NEW
|
---
|
2024-05-30
|
| 1176874
|
|
Restore ability to disable Session Restore completely
|
Firefox
|
Session Restore
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1178104
|
|
Propagate referrer policy throughout the UI: command-click and context menu open link in new tab/window (Port relevant bits from Bug 1113431)
|
SeaMonkey
|
General
|
nobody
|
NEW
|
---
|
2016-12-29
|
| 1180633
|
|
Reply to all with me on Bcc of original message should warn that my identity will be exposed to the recipients
|
Thunderbird
|
Message Compose Wind
|
nobody
|
NEW
|
---
|
2024-05-21
|
| 1336017
|
|
Provide option to block remote content for individual message (after manual un-block) and/or automatically block again after a certain (configurable) amount of time or at the end of the session
|
Thunderbird
|
Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1385727
|
|
In SeaMonkey selected text from unrelated message is quoted when right-click replying to another message, cunningly with correct attribution line
|
SeaMonkey
|
MailNews: Compositio
|
nobody
|
NEW
|
---
|
2017-07-30
|
| 1422860
|
|
Privacy Issue: Replying to or forwarding an HTML e-mail with external content (e.g. images), and clicking on it, may load this content without user notification - take 2
|
MailNews Core
|
Composition
|
nobody
|
NEW
|
---
|
2019-08-16
|
| 1425187
|
|
Don't allow shield studies/experiments without any explanation in description what they do and without related Mozilla bug URL with more detailed information
|
Shield
|
Shield Study
|
nobody
|
NEW
|
---
|
2022-07-26
|
| 1579123
|
|
No warning when removing account files fails
|
Thunderbird
|
Account Manager
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1594372
|
|
account setup should not send email address as parameter when over plain http
|
Thunderbird
|
Account Manager
|
nobody
|
NEW
|
---
|
2024-05-31
|
| 1663987
|
|
Site Isolation enables timing attacks against partitioning across simultaneously open tabs
|
Core
|
Security
|
nobody
|
NEW
|
---
|
2024-03-14
|
| 1670078
|
|
Add Support for BIMI (Brand Indicators for Message Identification)
|
Thunderbird
|
Mail Window Front En
|
nobody
|
NEW
|
---
|
2024-06-12
|
| 1700037
|
|
DNS.jsm/account setup should respect network.proxy.socks_remote_dns
|
Thunderbird
|
Account Manager
|
nobody
|
NEW
|
---
|
2021-03-22
|
| 1709560
|
|
Explore not showing *inline* autocomplete suggestions when a full new email address *@* is entered (prevent error-prone, unwanted autocompletion)
|
Thunderbird
|
Address Book
|
nobody
|
NEW
|
---
|
2021-05-14
|
| 1733912
|
|
"Do not send a response" does send response on invitations after selecting Gmail online calendar from `Select Calendar` prompt (vs. local calendar with same email)
|
Calendar
|
E-mail based Schedul
|
nobody
|
NEW
|
---
|
2023-05-03
|
| 1791659
|
|
Implement `Enforce Bcc` checkbox with strict behavior for mailing lists
|
MailNews Core
|
Address Book
|
nobody
|
NEW
|
---
|
2022-09-28
|
| 1793615
|
|
`Copy` context menu of a link in PDF viewer is enabled without text selected and does nothing, like `Paste`. `Copy link` is missing.
|
Thunderbird
|
General
|
nobody
|
NEW
|
---
|
2023-10-26
|
| 1795118
|
|
mail.compose.warn_public_recipients fails for nested mailing lists
|
Thunderbird
|
Message Compose Wind
|
nobody
|
NEW
|
---
|
2023-02-09
|
| 1797061
|
|
Implement `Write > To | Cc | Bcc` submenu for selected mailing list or multiple selection in address book
|
Thunderbird
|
Address Book
|
nobody
|
NEW
|
---
|
2022-11-30
|
| 1799356
|
|
Adding a contact's secondary email address to a Mailing List adds the primary/default email address instead
|
Thunderbird
|
Address Book
|
nobody
|
NEW
|
---
|
2022-11-07
|
| 1807753
|
|
URLs entered in the address bar are leaked to search providers
|
Fenix
|
Search
|
nobody
|
NEW
|
---
|
2024-04-20
|
| 1831879
|
|
The "Save image" and "Download link" context menu items do not have a download confirmation prompt like other browsers, making it possible to leak private tabs by accident
|
Fenix
|
Downloads
|
nobody
|
NEW
|
---
|
2023-06-19
|
| 1852277
|
|
Audit Web APIs for Hardware Acceleration
|
Core
|
Privacy: Anti-Tracki
|
nobody
|
NEW
|
---
|
2023-09-12
|
| 1872360
|
|
Deleted email metadata remains in msf files
|
MailNews Core
|
Database
|
nobody
|
NEW
|
---
|
2024-02-15
|
| 1883633
|
|
Store the exposable (non-uripass) URI in the database for history and favicons
|
Fenix
|
History
|
nobody
|
NEW
|
---
|
2024-05-02
|
| 1890906
|
|
pwa permission leak in private mode
|
Fenix
|
PWA
|
nobody
|
NEW
|
---
|
2024-06-12
|
| 1895517
|
|
[meta] Create in-app notification system
|
Thunderbird
|
General
|
nobody
|
NEW
|
---
|
2024-06-25
|
| 1904308
|
|
Implement fetching notifications from server
|
Thunderbird
|
General
|
nobody
|
NEW
|
---
|
2024-06-25
|
| 1906831
|
|
Saved Passwords not protected by fingerprint if left open when you close phone or switch to another app
|
Fenix
|
Logins
|
nobody
|
NEW
|
---
|
Tue 08:03
|
| 1908470
|
|
Privacy-Preserving Attribution API enabled/disabled detectable
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
14:39:19
|
| 1092445
|
|
Default reply comment header shows emails to those not logged for accounts without a "real name"
|
Bugzilla
|
User Interface
|
ui
|
NEW
|
---
|
2014-11-03
|
| 1896244
|
|
When "Open new tab" or "Open new window" is executed from taskbutton of browser window, tabs of last closed normal window are unexpectedly restored.
|
Firefox
|
Session Restore
|
sclements
|
ASSI
|
---
|
2024-07-06
|
| 1650511
|
|
URL remains in places.sqlite after deleting from bookmark (corrupt moz_origins)
|
Firefox
|
Bookmarks & History
|
daisuke
|
ASSI
|
---
|
2024-07-10
|
| 1646875
|
|
Cleanup cmd_toggleReturnReceipt (Bug 1644345 followup) and stop discarding identity changes without asking (incl. Return Receipt)
|
Thunderbird
|
Message Compose Wind
|
bugzilla2007
|
ASSI
|
---
|
2020-07-20
|
| 381681
|
|
Form autocomplete information can be seen by evil sites convincing users to press arrow keys
|
Toolkit
|
Form Manager
|
nobody
|
REOP
|
---
|
2024-03-25
|
| 784505
|
|
Fennec shouldn't use the GPS when the tab or app is in the background
|
Core
|
DOM: Geolocation
|
nobody
|
REOP
|
---
|
2022-10-10
|
| 1034842
|
|
Firefox should preload favicons for default protocol services it ships
|
Firefox
|
Settings UI
|
nobody
|
REOP
|
---
|
2022-07-03
|
| 1493596
|
|
Screenshots of logged in pages show up on the New Tab page
|
Firefox
|
New Tab Page
|
nobody
|
REOP
|
---
|
2023-09-07
|
| 1745593
|
|
Twitch audio briefly plays on browser start when the site is pinned in about:home
|
Firefox
|
New Tab Page
|
nobody
|
REOP
|
---
|
2023-01-10
|
| 325506
|
|
Ctrl-Z (undo) reveals visited URLs AFTER clearing history
|
SeaMonkey
|
Bookmarks & History
|
nobody
|
REOP
|
---
|
2017-03-14
|
| 429402
|
|
Oddness with remembered zooming with frames
|
Firefox
|
General
|
nobody
|
REOP
|
---
|
2022-10-10
|
| 524281
|
|
Displaying a feed message (web page mode) that uses script to redirect a different url results in passing the url to the default browser.
|
Thunderbird
|
Message Reader UI
|
nobody
|
REOP
|
---
|
2024-04-22
|
| 565670
|
|
Information disclosure when using notifications and xscreensaver
|
Thunderbird
|
OS Integration
|
nobody
|
REOP
|
---
|
2023-01-16
|
| 823829
|
|
thumbnail service captures pages that have "Cache-Control: no-store" content
|
Firefox
|
Tabbed Browser
|
nobody
|
REOP
|
---
|
2022-10-10
|
| 1225322
|
|
Add "Do not remember browsing history for this site" option in site identity panel
|
Firefox
|
Settings UI
|
nobody
|
REOP
|
---
|
2022-10-11
|