413250
|
|
chrome directory traversal (local disk access via "flat" addons)
|
Core
|
General
|
dveditz
|
RESO
|
FIXE
|
2009-06-16
|
413451
|
|
Bug 413250 allows to steal data from sessionstore.js
|
Core
|
Security
|
dveditz
|
RESO
|
FIXE
|
2008-01-30
|
408076
|
|
out of bounds read in BMP decoder can lead to information disclosure
|
Core
|
Graphics: ImageLib
|
gavin.sharp
|
RESO
|
FIXE
|
2008-03-12
|
405818
|
|
[FIX]Opening about:config results in warning about unresponsive script
|
Core
|
CSS Parsing and Comp
|
bzbarsky
|
RESO
|
FIXE
|
2008-03-20
|
408257
|
|
script timer not being reset when Microsoft Silverlight plug-in fires event callbacks to Javascript.
|
Core Graveyard
|
Plug-ins
|
jstenback+bmo
|
RESO
|
FIXE
|
2022-05-16
|
416183
|
|
add afrikaans to shipped-locales
|
Thunderbird
|
Build Config
|
nrthomas
|
RESO
|
FIXE
|
2008-04-23
|
411960
|
|
Build Break: XForms 1.8
|
Core Graveyard
|
XForms
|
aaronr
|
RESO
|
FIXE
|
2016-07-15
|
405303
|
|
Add ID to View -> Layout menupopup to make overlaying easier for extensions (e.g. Lightning)
|
Thunderbird
|
Mail Window Front En
|
bugzilla
|
RESO
|
FIXE
|
2008-02-13
|
387258
|
|
plain text txt file viewing capability lost after having downloaded a txt file with content-disposition: attachment and content-type: plain/text
|
Core Graveyard
|
File Handling
|
bzbarsky
|
RESO
|
FIXE
|
2016-08-26
|
396613
|
|
Crash [@gklayout!nsTableFrame::GetFrameAtOrBefore]
|
Core
|
Layout
|
bzbarsky
|
RESO
|
FIXE
|
2008-05-23
|
397427
|
|
[FIX]Stylesheet href property shows redirected URL unlike other browsers
|
Core
|
CSS Parsing and Comp
|
bzbarsky
|
RESO
|
FIXE
|
2010-02-23
|
403090
|
|
[FIX]Found text is no longer highlighted within INPUT text fields and TEXTAREAs
|
SeaMonkey
|
Search
|
bzbarsky
|
RESO
|
FIXE
|
2008-07-31
|
410456
|
|
URL autocomplete shows double entries
|
Core
|
XBL
|
bzbarsky
|
RESO
|
FIXE
|
2008-03-18
|
404003
|
|
Fix the window size of account manager in Thunderbird Ko
|
Mozilla Localization
|
ko / Korean
|
channy
|
RESO
|
FIXE
|
2007-12-28
|
409622
|
|
문자셋 오타
|
Mozilla Localization
|
ko / Korean
|
channy
|
RESO
|
FIXE
|
2007-12-28
|
410744
|
|
Wrong tranlsate popupWarningMultiple of browser.properties
|
Mozilla Localization
|
ko / Korean
|
channy
|
RESO
|
FIXE
|
2008-01-11
|
415116
|
|
Chrome urls not "skin" or "locale" are assumed to be "content"
|
Core
|
General
|
dveditz
|
RESO
|
FIXE
|
2008-03-24
|
402054
|
|
Updates for Thunderbird translation in Afrikaans
|
Mozilla Localization
|
af / Afrikaans
|
dwayne
|
RESO
|
FIXE
|
2008-01-28
|
411487
|
|
Updates for Thunderbird translation in Afrikaans
|
Mozilla Localization
|
af / Afrikaans
|
dwayne
|
RESO
|
FIXE
|
2008-01-28
|
413499
|
|
Updates for Thunderbird translation in Afrikaans
|
Mozilla Localization
|
af / Afrikaans
|
dwayne
|
RESO
|
FIXE
|
2008-01-28
|
413899
|
|
Updates for Thunderbird translation in Afrikaans
|
Mozilla Localization
|
af / Afrikaans
|
dwayne
|
RESO
|
FIXE
|
2008-01-28
|
403052
|
|
Relicence moz*TXTToHTMLConv files
|
Core
|
Networking
|
gerv
|
RESO
|
FIXE
|
2008-01-29
|
377808
|
|
0x7d ("}") should be disallowed in hostnames
|
Core
|
Networking
|
jruderman
|
RESO
|
FIXE
|
2008-03-10
|
410658
|
|
add Ukrainian to the builds
|
Thunderbird
|
Build Config
|
l10n
|
RESO
|
FIXE
|
2008-03-12
|
375292
|
|
Stray tmprules.dat files created when getting new messages
|
MailNews Core
|
Filters
|
legion
|
RESO
|
FIXE
|
2010-09-17
|
403258
|
|
[10.5] When using an SDK, many configure checks fail
|
Firefox Build System
|
General
|
mark
|
RESO
|
FIXE
|
2018-03-02
|
326035
|
|
Page Up and Page Down do not hide cursor
|
Core
|
Widget: Cocoa
|
markus
|
RESO
|
FIXE
|
2008-01-30
|
342511
|
|
correcting another word (with spell checker) doesn't cause current word to be spell-checked
|
Core
|
Spelling checker
|
martijn.martijn
|
RESO
|
FIXE
|
2008-01-30
|
279505
|
|
Crash in pop-up window on parent.close() due to double free. [@ nsCSSFrameConstructor::RestyleEvent::HandleEvent]
|
Core
|
DOM: Events
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2008-03-21
|
407842
|
|
Crash with very large font-size (XIOError exit)
|
Core Graveyard
|
GFX: Gtk
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2009-01-22
|
372075
|
|
javascript: URI evaluation should use sandboxed context for toString, etc
|
Core
|
DOM: Core & HTML
|
mrbkap
|
RESO
|
FIXE
|
2019-03-13
|
408034
|
|
"click" MouseEvent can be used to set focus on file input and selectively capture keystrokes, which can be used to upload arbitrary files
|
Firefox
|
Security
|
nobody
|
RESO
|
DUPL
|
2008-02-07
|
415292
|
|
some Help content broken in fr locale
|
Firefox Graveyard
|
Help Documentation
|
nobody
|
RESO
|
FIXE
|
2016-04-22
|
301291
|
|
Forward-inline ignores outgoing-charset preference
|
MailNews Core
|
Composition
|
petr.hroudny
|
RESO
|
FIXE
|
2008-07-31
|
407646
|
|
Update mail/ copyright dates to 2008
|
Thunderbird
|
General
|
philringnalda
|
RESO
|
FIXE
|
2008-01-02
|
413299
|
|
I object to application/object-stream
|
Thunderbird
|
Preferences
|
philringnalda
|
RESO
|
FIXE
|
2008-02-13
|
152156
|
|
filepicker dialog freezes mozilla redraw
|
Core
|
XUL
|
sergei_d
|
RESO
|
WONT
|
2011-10-11
|
185946
|
|
filepicker crashes Mozilla on second press of Open/Browse buttons on web-pages
|
Core
|
XUL
|
sergei_d
|
RESO
|
INVA
|
2012-06-07
|
404264
|
|
Junk Mail Controls to stop abnormally when processing email with null "from" (sender)
|
MailNews Core
|
Address Book
|
standard8
|
RESO
|
FIXE
|
2008-07-31
|
409576
|
|
[uk] quotes, apostrophes and fixes
|
Mozilla Localization
|
uk / Ukrainian
|
tim.babych
|
RESO
|
FIXE
|
2008-01-17
|
408164
|
|
Web forgery warning not shown until tab switch
|
Toolkit
|
Safe Browsing
|
tony
|
RESO
|
FIXE
|
2014-05-27
|
283493
|
|
flushing of training data during session practically never happens due to too high "# of changes" threshold
|
MailNews Core
|
Filters
|
tuukka.tolvanen
|
RESO
|
FIXE
|
2008-07-31
|
406617
|
|
Finnish (fi) search engine huuto.net not 100% functional
|
Mozilla Localization
|
fi / Finnish
|
ville.pohjanheimo
|
RESO
|
FIXE
|
2008-01-28
|
391028
|
|
drawImage with broken PNG draws random memory
|
Core
|
Graphics: Canvas2D
|
vladimir
|
RESO
|
FIXE
|
2008-03-20
|
392944
|
|
ecma_3/extensions/regress-320854.js FAIL
|
Core
|
JavaScript Engine
|
brendan
|
VERI
|
FIXE
|
2008-01-28
|
398668
|
|
[FIX]Crash [@ JS_GetPrivate] with binding with destructor, setting javascript disabled, reloading and going back
|
Core
|
XBL
|
bzbarsky
|
VERI
|
FIXE
|
2011-06-09
|
400556
|
|
[FIX]Vulnerability allows script to see where user is headed, sniff history, and crash [@ nsDocShell::Destroy()] the browser too
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
VERI
|
FIXE
|
2019-03-13
|
402150
|
|
Buffer overrun [@ nsDocument::RetrieveRelevantHeaders] at provided URL
|
Core
|
DOM: Core & HTML
|
dveditz
|
VERI
|
FIXE
|
2019-03-13
|
408256
|
|
Use a constant-size buffer in BMP decoder to reduce fragmentation
|
Core
|
Graphics: ImageLib
|
gavin.sharp
|
VERI
|
FIXE
|
2008-03-12
|
394610
|
|
Content can corrupt stored passwords by injecting line breaks
|
Toolkit
|
Password Manager
|
jdinbox
|
VERI
|
FIXE
|
2009-01-06
|
399298
|
|
Bypassing XPCNativeWrapper by redefining XPCNativeWrapper
|
Core
|
Security
|
mrbkap
|
VERI
|
FIXE
|
2008-03-22
|
406572
|
|
JSOP_CLOSURE unconditionally replaces properties of the variable object
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2012-10-16
|
404252
|
|
Potential XSS vulnerability because of U+0008 being treated as whitespace
|
Core
|
DOM: HTML Parser
|
mrbkap
|
VERI
|
FIXE
|
2008-05-08
|
407289
|
|
XPCNativeWrapper calls untrusted functions during construction
|
Core
|
XPConnect
|
mrbkap
|
VERI
|
FIXE
|
2008-07-08
|
197052
|
|
crash if modification innerHTML of element in this element [@ js_EmitTree ]
|
Core
|
DOM: Core & HTML
|
smaug
|
VERI
|
FIXE
|
2011-06-09
|
373344
|
|
Mousedown event listener changing body style and alert()ing crashes [@ PresShell::HandleEventInternal] browser
|
Core
|
DOM: UI Events & Foc
|
smaug
|
VERI
|
FIXE
|
2019-03-13
|
407161
|
|
Garbled Japanese after bug 381412, XSS variant still possible
|
Core
|
DOM: HTML Parser
|
VYV03354
|
VERI
|
FIXE
|
2008-03-25
|
407635
|
|
Update browser/toolkit copyright dates to 2008
|
Firefox
|
General
|
philringnalda
|
VERI
|
FIXE
|
2008-01-30
|
367538
|
|
Firefox Phishing Protection bypass
|
Toolkit
|
Safe Browsing
|
tony
|
VERI
|
FIXE
|
2014-05-27
|
406036
|
|
putImageData draws random memory
|
Core
|
Graphics: Canvas2D
|
vladimir
|
VERI
|
FIXE
|
2008-02-07
|
364801
|
|
ASSERTION: Some frame destructors were not called with this testcase that makes scrollbars disappear
|
Core
|
Layout
|
roc
|
VERI
|
FIXE
|
2008-03-20
|
393141
|
|
Crash [@ nsAccessibilityService::GetAccessible] with display:none option inside optgroup
|
Core
|
Disability Access AP
|
aaronlev
|
VERI
|
FIXE
|
2011-06-13
|
408419
|
|
Shipping of the French dictionary in Firefox 2.x/3.x and Thunderbird 2.x/3.x
|
Mozilla Localization
|
fr / French
|
bugzilla.fr
|
VERI
|
FIXE
|
2008-01-05
|
404627
|
|
[FIX]XPinstall whitelist bypass using refresh after fix for bug 402649
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
VERI
|
FIXE
|
2019-03-13
|
405340
|
|
[fr] Maps service in Thunderbird is broken (in addressbook)
|
Mozilla Localization
|
fr / French
|
cedric.corazza
|
VERI
|
FIXE
|
2008-02-12
|
407978
|
|
[fr] Missing letter in customizeCharset.dtd
|
Mozilla Localization
|
fr / French
|
cedric.corazza
|
VERI
|
FIXE
|
2007-12-13
|
409257
|
|
[fr] Typo in Thunderbird 2.x
|
Mozilla Localization
|
fr / French
|
cedric.corazza
|
VERI
|
FIXE
|
2007-12-21
|
314874
|
|
Function.call/apply pass thisArg.valueOf() as the this value when thisArg is not a primitive value
|
Core
|
JavaScript Engine
|
crowderbt
|
VERI
|
FIXE
|
2008-01-13
|
415191
|
|
Check in rdf/chrome version of bug 413250
|
Core
|
General
|
dveditz
|
VERI
|
FIXE
|
2008-03-25
|
404051
|
|
Add .es to IDN TLD whitelist
|
Core
|
Networking
|
gerv
|
VERI
|
FIXE
|
2008-01-29
|
406314
|
|
Add .ir to the IDN whitelist
|
Core
|
Networking
|
gerv
|
VERI
|
FIXE
|
2008-01-29
|
398085
|
|
Crash with large switch statement [@ js_Interpret]
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2012-01-23
|
406555
|
|
the decompiler should not depend on JS_C_STRINGS_ARE_UTF8
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-02-07
|
407720
|
|
js_FindClassObject causes crashes with getter/setter
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-03-25
|
409515
|
|
Please enable Afrikaans (af) for Thunderbird 2 (MOZILLA_1_8_BRANCH)
|
Thunderbird
|
Build Config
|
l10n
|
VERI
|
FIXE
|
2008-03-12
|
362516
|
|
Cannot select address bar through Alt+D when FastFind is focused (only for IT Italian version)
|
Mozilla Localization
|
it / Italian
|
l10n-it
|
VERI
|
FIXE
|
2008-01-17
|
401319
|
|
link in help to plugins is broken
|
Mozilla Localization
|
it / Italian
|
l10n-it
|
VERI
|
FIXE
|
2008-01-16
|
412327
|
|
Update Italian it-IT Wikipedia search plugin to support suggestions
|
Mozilla Localization
|
it / Italian
|
l10n-it
|
VERI
|
FIXE
|
2008-01-16
|
411728
|
|
Update Polish Wikipedia search plugin to support suggestions
|
Mozilla Localization
|
pl / Polish
|
marcoos+bmo
|
VERI
|
FIXE
|
2008-02-17
|
408755
|
|
Update MOZILLA_1_8_BRANCH to NSPR_4_6_8_RTM for Leopard build compatibility
|
Firefox Build System
|
General
|
mark
|
VERI
|
FIXE
|
2018-03-02
|
408935
|
|
Can't --disable-xpcom-obsolete in a 1.8 branch static build
|
Firefox Build System
|
General
|
mark
|
VERI
|
FIXE
|
2018-03-02
|
409027
|
|
transformiix builds with conflicting visibility on 1.8 branch due to header name collision
|
Firefox Build System
|
General
|
mark
|
VERI
|
FIXE
|
2018-03-02
|
409066
|
|
sNativeRegionPool visibility is wrong in libgkgfx
|
Core Graveyard
|
GFX: Mac
|
mark
|
VERI
|
FIXE
|
2009-01-22
|
409849
|
|
1.8 branch build for ppc with gcc 4.0 fails: .../nsCanvasRenderingContext2D.cpp: 1026: error: invalid conversion from 'int' to 'CGImageAlphaInfo'
|
Core
|
Graphics: Canvas2D
|
mark
|
VERI
|
FIXE
|
2008-01-30
|
384937
|
|
crashes [@ nsFrameManager::Destroy] upon loading page with iframe
|
Core
|
Layout
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2011-06-13
|
395374
|
|
Send Unsent Messages fails silently in offline mode
|
Thunderbird
|
Mail Window Front En
|
mkmelin+mozilla
|
VERI
|
FIXE
|
2008-02-25
|
368864
|
|
Menu selection is invisible in SeaMonkey 1.1 on Warp 3
|
SeaMonkey
|
General
|
mozilla
|
VERI
|
FIXE
|
2007-12-28
|
403989
|
|
Cannot save images with SeaMonkey any more
|
Core
|
XPCOM
|
mozilla
|
VERI
|
FIXE
|
2007-12-28
|
405440
|
|
IMAP cache broken if the message download is not finished due to user interaction (offline-use case, even after fix of 386514)
|
Thunderbird
|
General
|
mozilla
|
VERI
|
FIXE
|
2010-06-27
|
363597
|
|
XSS by using javascript: url
|
Core
|
Security
|
mrbkap
|
VERI
|
FIXE
|
2008-02-07
|
375344
|
|
accessing prototype of DOM objects throws uncatchable error
|
Core
|
JavaScript Engine
|
mrbkap
|
VERI
|
FIXE
|
2010-02-11
|
390597
|
|
watch point + eval-as-setter allows access to dead JSStackFrame
|
Core
|
JavaScript Engine
|
mrbkap
|
VERI
|
FIXE
|
2008-03-29
|
394337
|
|
Crash [@gklayout!nsBindingManager::GetNestedInsertionPoint]
|
Core
|
XBL
|
nobody
|
VERI
|
FIXE
|
2011-06-13
|
400792
|
|
recursive document.write leads to crash
|
Core
|
General
|
nobody
|
VERI
|
FIXE
|
2009-09-12
|
404391
|
|
Firefox input and file focus stealing through label
|
Core
|
Layout: Form Control
|
nobody
|
VERI
|
FIXE
|
2008-01-29
|
412701
|
|
Crash in nsCSSFrameConstructor::RestyleEvent::HandleEvent when closing
|
Thunderbird
|
General
|
nobody
|
VERI
|
FIXE
|
2008-01-19
|
333821
|
|
Capital (uppercase) J cannot be typed when entering text in some fields in Thunderbird
|
Thunderbird
|
General
|
philringnalda
|
VERI
|
FIXE
|
2008-02-25
|
378340
|
|
SpamAssasin typo in mailnews.js - causes "trust spamassassin" not to work
|
Thunderbird
|
Preferences
|
philringnalda
|
VERI
|
FIXE
|
2010-09-17
|
346405
|
|
[columns] crash [@ nsColumnSetFrame::GetContentInsertionFrame] and [@ nsLineLayout::TrimTrailingWhiteSpaceIn]
|
Core
|
Layout
|
roc
|
VERI
|
FIXE
|
2011-06-13
|
399963
|
|
Wrong translation in Thunderbird 2.0
|
Mozilla Localization
|
es-ES / Spanish
|
rpmdisguise-nave
|
VERI
|
FIXE
|
2007-12-20
|
405347
|
|
'Redo' translated as if it was 'Repeat'
|
Mozilla Localization
|
es-ES / Spanish
|
rpmdisguise-nave
|
VERI
|
FIXE
|
2007-12-20
|
381291
|
|
Stephen Donner's name is misspelled in credits.xhtml
|
Firefox
|
General
|
sdwilsh
|
VERI
|
FIXE
|
2008-01-22
|
393761
|
|
XSS and Arbitrary code execution by using XMLDocument.load() and event handler
|
Core
|
Security
|
smaug
|
VERI
|
FIXE
|
2008-06-11
|
393762
|
|
Arbitrary code execution using an event handler attached to an element whose owner document has no script global object
|
Core
|
Security
|
smaug
|
VERI
|
FIXE
|
2009-03-19
|
398088
|
|
Crash [@ nsXBLPrototypeBinding::AttributeChanged] with DOMAttrModified, <xul:progressmeter mode>
|
Core
|
XBL
|
smaug
|
VERI
|
FIXE
|
2011-06-13
|
404451
|
|
Sample exploit for Bug 404391
|
Core
|
Security
|
smaug
|
VERI
|
FIXE
|
2008-02-07
|
405299
|
|
Firefox file input focus stealing through label element dispatch mouse click event
|
Core
|
Layout: Form Control
|
smaug
|
VERI
|
FIXE
|
2008-03-22
|
411072
|
|
"focus" Event can be used to set focus on file input and selectively capture keystrokes, which can be used to upload arbitrary files
|
Core
|
Security
|
smaug
|
VERI
|
FIXE
|
2008-09-29
|
411073
|
|
File upload input focus stealing: if click event is canceled on label with tabindex, focus is set on file text entry field
|
Core
|
Security
|
smaug
|
VERI
|
FIXE
|
2008-09-29
|
411075
|
|
File upload input focus stealing: focus can be set on text input element and remains following change to file type
|
Core
|
Security
|
smaug
|
VERI
|
FIXE
|
2008-09-29
|
411077
|
|
File upload input focus stealing: by setting font size larger than page, any user mouse click will set focus in file element
|
Core
|
Security
|
smaug
|
VERI
|
FIXE
|
2008-09-29
|
411080
|
|
File upload input focus stealing: any "tab" keydown events can be used to set focus in file input element
|
Core
|
Security
|
smaug
|
VERI
|
FIXE
|
2008-09-29
|
413135
|
|
Prevent canceling individual keystrokes on input type="file"
|
Core
|
DOM: Core & HTML
|
smaug
|
VERI
|
FIXE
|
2008-09-04
|
414856
|
|
Firefox 2.0.0.12 RC1 breaks Stylish with "TypeError: stylesheet has no properties"
|
Core
|
XML
|
smaug
|
VERI
|
FIXE
|
2008-03-17
|
398499
|
|
Crash in DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*
|
Core Graveyard
|
Widget: Mac
|
smichaud
|
VERI
|
FIXE
|
2009-11-21
|
406214
|
|
Dialogs with checkbox have focus on checkbox rather than on the default button
|
Core
|
XUL
|
smichaud
|
VERI
|
FIXE
|
2008-01-22
|
410320
|
|
Crash when deleting mail, if two windows for the mail are opened [@ nsMsgMailSession::OnItemEvent]
|
MailNews Core
|
Backend
|
standard8
|
VERI
|
FIXE
|
2008-07-31
|
312018
|
|
Page with "long" title saved as PDF as "Untitled.pdf"
|
Core
|
Printing: Output
|
stuart.morgan+bugzilla
|
VERI
|
FIXE
|
2008-12-26
|
405584
|
|
Canvas.drawImage method is not working
|
Core
|
Graphics: Canvas2D
|
vladimir
|
VERI
|
FIXE
|
2010-09-17
|