343293
|
|
[FIX]Crash [@ nsLayoutUtils::GetFloatFromPlaceholder] using ::first-line, floats, caption and generated content
|
Core
|
Layout: Floats
|
bzbarsky
|
RESO
|
FIXE
|
2011-06-13
|
362701
|
|
[FIX]<math display="block"> does not respect floats
|
Core
|
MathML
|
bzbarsky
|
RESO
|
FIXE
|
2007-01-30
|
363679
|
|
R_X86_64_PC32 relocations in nsLDAPBERElement.cpp building trunk thunderbird
|
Firefox Build System
|
General
|
dbaron
|
RESO
|
FIXE
|
2018-03-02
|
315933
|
|
The slash in empty element tags in XML are red in view source
|
Core
|
DOM: HTML Parser
|
mrbkap
|
RESO
|
FIXE
|
2009-03-13
|
314980
|
|
DOM element.getAttribute() method error (CAttributeToken::SanitizeKey())
|
Core
|
DOM: HTML Parser
|
mrbkap
|
RESO
|
FIXE
|
2007-01-11
|
347852
|
|
reload leaks data from cache to end of page after hash collision in cache
|
Core
|
Networking
|
alfredkayser
|
RESO
|
FIXE
|
2007-02-23
|
366112
|
|
[FIX]Crash with naked <xul:nativescrollbar> [@ nsNativeScrollbarFrame::Hookup] [@ nsIFrame::GetContent]
|
Core
|
XBL
|
bzbarsky
|
RESO
|
FIXE
|
2007-12-17
|
367243
|
|
Crash [@ nsCounterList::SetScope] messing with counter-increment
|
Core
|
CSS Parsing and Comp
|
bzbarsky
|
RESO
|
FIXE
|
2007-12-17
|
368655
|
|
[FIX]Easy DoS by <img src="javascript:for(;;);"> even if javascript disabled
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
RESO
|
FIXE
|
2019-03-13
|
368714
|
|
[FIX]Sandbox evaluation should handle branch callbacks
|
Core
|
XPConnect
|
bzbarsky
|
RESO
|
FIXE
|
2007-02-06
|
363355
|
|
[fr] Fixing typo for Firefox in 1.8.0 branch, 1.8 branch
|
Mozilla Localization
|
fr / French
|
cedric.corazza
|
RESO
|
FIXE
|
2007-03-25
|
370445
|
|
embedded nulls in location.hostname confuse same-origin checks (Zalewski XSS vulnerability)
|
Core
|
Networking
|
dveditz
|
RESO
|
FIXE
|
2007-02-26
|
364158
|
|
New version of JEP (0.9.6), please land on trunk and branches
|
Core Graveyard
|
Plug-ins
|
jaas
|
RESO
|
FIXE
|
2022-05-16
|
326864
|
|
Crash [@ XULPopupListenerImpl::PreLaunchPopup] involving "menupopup.menu = null;"
|
Core
|
XUL
|
jstenback+bmo
|
RESO
|
FIXE
|
2011-06-13
|
366082
|
|
Possible Remote Code Execution from adobe reader (mem corruption)
|
Core Graveyard
|
Plug-ins
|
jstenback+bmo
|
RESO
|
FIXE
|
2022-05-16
|
360493
|
|
Cross-Site Forms + Password Manager = Security Failure
|
Toolkit
|
Password Manager
|
mconnor
|
RESO
|
FIXE
|
2022-10-05
|
364599
|
|
Some new created profile files are write protected, for example bookmarks.html and localstore.rdf
|
Mozilla Localization
|
de / German
|
moco
|
RESO
|
FIXE
|
2010-12-24
|
369102
|
|
semi-support installing 1.5.0.x back over 2.0.0.x (after a major update), and 2.0.x back over 3.0.x
|
Firefox
|
Installer
|
moco
|
RESO
|
FIXE
|
2007-03-15
|
370266
|
|
Read-only files in DE 2.0.0.2 RC2 - \defaults\profile
|
Mozilla Localization
|
de / German
|
moco
|
RESO
|
FIXE
|
2007-02-17
|
364398
|
|
Crash [@ nsXBLPrototypeHandler::GetHandlerElement] when <key> is removed from DOM
|
Core
|
XBL
|
smaug
|
RESO
|
FIXE
|
2007-03-20
|
361332
|
|
Need a better way to determine if an NSPR_CO_TAG can pulled by date
|
Firefox Build System
|
General
|
wtc
|
RESO
|
FIXE
|
2018-03-02
|
363070
|
|
Upgrade NSS on trunk and branches
|
Firefox Build System
|
General
|
wtc
|
RESO
|
FIXE
|
2018-03-02
|
366292
|
|
__defineSetter__("x", ...) changes x's value to the string "__lookupSetter__"
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2007-01-29
|
366468
|
|
Trying to set a value on a property without a setter crashes (Assertion failure: !SPROP_HAS_STUB_SETTER(sprop), at m:/trunk/mozilla/js/src/jsobj.c:3697)
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2007-01-29
|
367589
|
|
"Assertion failure: !SPROP_HAS_STUB_SETTER(sprop) || (sprop->attrs & JSPROP_GETTER)"
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2007-12-14
|
360511
|
|
[FIX]Going back to page with URL hash (#foo) doesn't show hash part
|
Core
|
DOM: Navigation
|
bzbarsky
|
VERI
|
FIXE
|
2009-07-10
|
362716
|
|
[FIX]crash in [@ nsXBLPrototypeHandler::AppendHandlerText]
|
Core
|
XBL
|
bzbarsky
|
VERI
|
FIXE
|
2007-02-08
|
362837
|
|
[FIX]Different-domain subframe can't document.write/document.open to itself (DHTML Menu does not display when using masked domains)
|
Core
|
Security
|
bzbarsky
|
VERI
|
FIXE
|
2007-01-08
|
363235
|
|
[FIX]Regression with display of image placeholders when an invalid protocol is used
|
Core
|
Layout
|
bzbarsky
|
VERI
|
FIXE
|
2007-01-12
|
366123
|
|
compiling long XML filtering predicate hangs
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-02-11
|
364037
|
|
xsl:copy-of a xsl:variable which contains a node crashes mozilla
|
Core
|
XSLT
|
peterv
|
VERI
|
FIXE
|
2007-01-05
|
315473
|
|
Investigate allowing NULs in attribute keys
|
Core
|
DOM: HTML Parser
|
mrbkap
|
VERI
|
FIXE
|
2008-08-22
|
363791
|
|
Crash [@ nsTreeBodyFrame::PrefillPropertyArray] involving removal of <treecols>
|
Core
|
XUL
|
asqueella
|
VERI
|
FIXE
|
2011-06-13
|
337124
|
|
Crash [@ nsTableRowGroupFrame::GetNumLines] with table-row-group/table-column-group [@ nsTableRowGroupFrame::IncrementalReflow]
|
Core
|
Layout: Tables
|
bernd_mozilla
|
VERI
|
FIXE
|
2011-06-09
|
362724
|
|
Crash [@ nsIView::Destroy] on print preview
|
Core
|
Layout
|
bernd_mozilla
|
VERI
|
FIXE
|
2011-06-13
|
362872
|
|
script can drop a watchpoint that is in use
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2007-08-08
|
366396
|
|
"Assertion failure: !SPROP_HAS_STUB_GETTER(sprop)" with setter and %=
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2007-05-16
|
356280
|
|
[FIX](i)Frames that do not specify a charset inherit it from parent across sites
|
Core
|
Security
|
bzbarsky
|
VERI
|
FIXE
|
2008-06-26
|
367906
|
|
[FIX]counter of CSS is broken
|
Core
|
Layout: Block and In
|
bzbarsky
|
VERI
|
FIXE
|
2007-01-26
|
347155
|
|
Crash due to too much recursion [@ js_FoldConstants] with deeply nested e4x literal
|
Core
|
JavaScript Engine
|
crowderbt
|
VERI
|
FIXE
|
2011-06-09
|
355497
|
|
Stack overflow with Array.slice, getter for "0"
|
Core
|
JavaScript Engine
|
crowderbt
|
VERI
|
FIXE
|
2007-05-16
|
367118
|
|
Potential memory corruption in script_compile
|
Core
|
JavaScript Engine
|
crowderbt
|
VERI
|
FIXE
|
2007-05-06
|
367119
|
|
Potential memory corruption in script_exec
|
Core
|
JavaScript Engine
|
crowderbt
|
VERI
|
FIXE
|
2007-05-06
|
367120
|
|
Potential memory corruption in script_toSource and script_toString
|
Core
|
JavaScript Engine
|
crowderbt
|
VERI
|
FIXE
|
2007-05-06
|
368763
|
|
Arbitrary code execution by using javascript: url with <img> tag
|
Core
|
Security
|
crowderbt
|
VERI
|
FIXE
|
2007-08-06
|
367504
|
|
Hang with -moz-inline-block, float ("yikes! spinning on a line over 1000 times!")
|
Core
|
Layout
|
dbaron
|
VERI
|
FIXE
|
2007-10-04
|
365234
|
|
Scrolled items in listbox are invisible (Firefox profile manager doesn't show 6+ profiles correctly)
|
Core
|
XUL
|
enndeakin
|
VERI
|
FIXE
|
2008-07-31
|
298960
|
|
-remote can no longer handle commas or quotes
|
Toolkit
|
Startup and Profile
|
gavin.sharp
|
VERI
|
FIXE
|
2008-07-31
|
357853
|
|
if no browser window exists, "-new-tab <url>" commandline argument does not open <url>
|
Firefox
|
General
|
gavin.sharp
|
VERI
|
FIXE
|
2010-09-17
|
369427
|
|
Showing a blocked pop-up bypasses CheckLoadURI (can load file: URLs)
|
Firefox
|
Security
|
gavin.sharp
|
VERI
|
FIXE
|
2007-02-22
|
367501
|
|
getter/setter issue is not yet fixed on branches
|
Core
|
JavaScript Engine
|
general
|
VERI
|
FIXE
|
2007-08-08
|
313967
|
|
Performance issue when loading a very large script!
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2007-01-29
|
354297
|
|
GC_MARK_DEBUG: getter/setter can be on index
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2007-02-28
|
365527
|
|
JSOP_ARGUMENTS does not set obj register
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2007-05-06
|
365692
|
|
getter/setter bytecodes assume number of atoms is less then 64K
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2007-08-08
|
366122
|
|
large script miscompiles
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2007-06-14
|
366601
|
|
switch assumes all atom indexes below 64K
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2007-08-08
|
364692
|
|
[Fx 2.0.0.1/1.5.0.9 regression] Can't view talkbacks on ynet.co.il
|
Core
|
DOM: Core & HTML
|
jonas
|
VERI
|
FIXE
|
2019-03-13
|
337716
|
|
Crash [@ js_GetSlotThreadSafe nsGetInterface::operator JS_GetParent] with testcase, using iframe/timers/alert
|
Core
|
DOM: Core & HTML
|
jstenback+bmo
|
VERI
|
FIXE
|
2019-03-13
|
354973
|
|
Yet Another PopupBlocker XSS
|
Core
|
Security
|
jstenback+bmo
|
VERI
|
FIXE
|
2007-02-23
|
364104
|
|
Array.indexOf endless loop
|
Core
|
JavaScript Engine
|
jwalden
|
VERI
|
FIXE
|
2007-01-29
|
362951
|
|
Crash [@ nsPasswordManager::Init]
|
Toolkit
|
Password Manager
|
martijn.martijn
|
VERI
|
FIXE
|
2011-06-13
|
363960
|
|
Crash when clicking on the image inside a designMode-enabled IFRAME [@ nsHTMLEditor::SetShadowPosition]
|
Core
|
DOM: Editor
|
martijn.martijn
|
VERI
|
FIXE
|
2007-01-25
|
364412
|
|
Crash when updating in nsIncrementalDownload::OnStartRequest, attempting to allocate a huge amount of memory (was "[Mac] Crash when updating from FF 2->2.0.0.1")
|
Toolkit
|
Application Update
|
moco
|
VERI
|
FIXE
|
2010-09-06
|
368082
|
|
update history status says "Install Pending" after major update
|
Toolkit
|
Application Update
|
moco
|
VERI
|
FIXE
|
2008-07-31
|
368661
|
|
on install, remove the updates directory, updates.xml and the active-update.xml file
|
Firefox
|
Installer
|
moco
|
VERI
|
FIXE
|
2007-09-19
|
366129
|
|
Firefox installs wrong version of Java on Windows Vista
|
addons.mozilla.org G
|
Plugins
|
morgamic
|
VERI
|
FIXE
|
2016-02-05
|
365553
|
|
Update browser/toolkit copyright dates to 2007
|
Firefox
|
General
|
philringnalda
|
VERI
|
FIXE
|
2007-02-16
|
344228
|
|
Crash [@ nsTreeBodyFrame::VisibilityChanged] [@ nsGfxScrollFrameInner::SetScrollbarVisibility]
|
Core
|
XUL
|
roc
|
VERI
|
FIXE
|
2011-06-13
|
359371
|
|
Float in column disappears; crash [@ nsBlockFrame::IsFloatContainingBlock] [@ nsBlockFrame::ClearLineCursor]
|
Core
|
Layout: Floats
|
roc
|
VERI
|
FIXE
|
2011-06-13
|
361298
|
|
URL spoof using custom cursor with CSS3 hotspot
|
Core
|
Layout
|
roc
|
VERI
|
FIXE
|
2007-10-04
|
363813
|
|
Crash [@ nsHTMLReflowState::nsHTMLReflowState][@ nsRuleNode::Mark] with unminimised testcase, using generated content and lots of floats
|
Core
|
Layout
|
roc
|
VERI
|
FIXE
|
2011-06-13
|
358415
|
|
Crash [@ nsHTMLCSSUtils::GetCSSInlinePropertyBase] when inputing title of new blog entry on blogger.com before page is entirely loaded up
|
Core
|
DOM: Editor
|
smaug
|
VERI
|
FIXE
|
2007-01-20
|
364718
|
|
Crash [@ nsXULElement::HandleDOMEvent]
|
Core
|
DOM: Events
|
smaug
|
VERI
|
FIXE
|
2007-02-07
|
165296
|
|
Crash in TB09 [@ nsAddrDatabase::GetListRowByRowID ] importing an address book with a mailing list for the 2nd time.
|
MailNews Core
|
Import
|
standard8
|
VERI
|
FIXE
|
2008-07-31
|
363988
|
|
huge javascript crashes firefox [@ JS_GetPrivate()]
|
Core
|
JavaScript Engine
|
sync2d
|
VERI
|
FIXE
|
2011-06-09
|
364023
|
|
LITOPX DEFFUN is exploitable
|
Core
|
JavaScript Engine
|
sync2d
|
VERI
|
FIXE
|
2024-06-26
|
357333
|
|
Branches only: build using a supported NSS 3.11 tag
|
Core
|
Security: PSM
|
wtc
|
VERI
|
FIXE
|
2007-01-22
|