416628
|
|
O(n^2) blowup due to overlong cx->tempPool arena list
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2008-05-07
|
306534
|
|
[FIX]###!!! ASSERTION: Float frame has wrong parent: 'floatFrame->GetParent() == mBlock', file nsBlockReflowState.cpp, line 835
|
Core
|
Layout: Block and In
|
bzbarsky
|
RESO
|
FIXE
|
2008-03-12
|
413250
|
|
chrome directory traversal (local disk access via "flat" addons)
|
Core
|
General
|
dveditz
|
RESO
|
FIXE
|
2009-06-16
|
406686
|
|
I can still steal your bank login (spoofing using <xul:popup>, take 2)
|
Core
|
General
|
enndeakin
|
RESO
|
FIXE
|
2008-03-28
|
411092
|
|
XPCNativeWrapper pollution using setTimeout()
|
Core
|
XPConnect
|
mrbkap
|
RESO
|
FIXE
|
2008-03-25
|
411093
|
|
XPCNativeWrapper pollution using Function constructor
|
Core
|
XPConnect
|
mrbkap
|
RESO
|
FIXE
|
2008-03-26
|
390813
|
|
Overlay scripts compiled using principal of first document sourcing overlay
|
Core
|
XUL
|
smaug
|
RESO
|
FIXE
|
2008-07-31
|
336303
|
|
[FIX]nsPrincipal::GetOrigin should dig into nested URIs
|
Core
|
Security
|
bzbarsky
|
RESO
|
FIXE
|
2008-03-25
|
295922
|
|
Client Auth "select cert automatically" is considered a privacy issue
|
Core Graveyard
|
Security: UI
|
dveditz
|
RESO
|
FIXE
|
2016-09-27
|
402995
|
|
jar: protocol content can use LiveConnect to connect to arbitrary ports on localhost
|
Core
|
Security
|
dveditz
|
RESO
|
FIXE
|
2008-10-22
|
415034
|
|
Referer spoofing by including '@' in URL
|
Core
|
Networking: HTTP
|
dveditz
|
RESO
|
FIXE
|
2008-04-16
|
415496
|
|
bad userpass URL parsing leads to addon install spoofing
|
Core
|
Networking
|
dveditz
|
RESO
|
FIXE
|
2008-03-25
|
417086
|
|
Use of colon (:) in hash/anchor part of chrome URL when using window.open results in an error.
|
Firefox
|
General
|
dveditz
|
RESO
|
FIXE
|
2008-03-22
|
415700
|
|
Search engine aliases can "take over" the location bar
|
Firefox
|
Search
|
rflint
|
RESO
|
FIXE
|
2008-05-07
|
403167
|
|
XSS by using XMLDocument.load() and event handler
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
403168
|
|
XSS by using XMLHttpRequest and event handler
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
416896
|
|
[FIX]2.0.0.12 causes <a> elements not to be recognised when inspected in firebug
|
Core
|
CSS Parsing and Comp
|
bzbarsky
|
RESO
|
FIXE
|
2008-03-17
|
381081
|
|
include en-US in shipped-locales
|
Firefox Build System
|
General
|
nrthomas
|
RESO
|
FIXE
|
2018-11-26
|
416183
|
|
add afrikaans to shipped-locales
|
Thunderbird
|
Build Config
|
nrthomas
|
RESO
|
FIXE
|
2008-04-23
|
375745
|
|
Unsubscribing from feeds still shows in list until manager is closed
|
MailNews Core
|
Feed Reader
|
bugzilla.mozilla.org-3
|
RESO
|
FIXE
|
2009-05-05
|
386376
|
|
Impossible to implement a content sniffer in JS due to recursive GetService calls (nsIContentSniffer, JavaScript)
|
Core
|
Networking: HTTP
|
cbiesinger
|
RESO
|
FIXE
|
2008-03-14
|
415116
|
|
Chrome urls not "skin" or "locale" are assumed to be "content"
|
Core
|
General
|
dveditz
|
RESO
|
FIXE
|
2008-03-24
|
415401
|
|
Arbitrary Referer Spoofing with Empty Username
|
Core
|
Networking: HTTP
|
dveditz
|
RESO
|
FIXE
|
2010-06-08
|
415500
|
|
bad userpass URL parsing leads to HelperApp dialog spoofing
|
Firefox
|
File Handling
|
dveditz
|
RESO
|
FIXE
|
2008-04-01
|
421840
|
|
land attachment 308078 on trunk to fix regressions from 415034
|
Core
|
Networking
|
dveditz
|
RESO
|
FIXE
|
2008-03-17
|
409796
|
|
No pictures shown in saved file (file name and folder name, containing that file, is in cyrillic)
|
Core Graveyard
|
File Handling
|
ivanov
|
RESO
|
FIXE
|
2016-06-22
|
415135
|
|
Slow/Hang/lock-up on long From lines in header with high cpu
|
MailNews Core
|
MIME
|
mnyromyr
|
RESO
|
FIXE
|
2008-07-31
|
363891
|
|
Indirect use of eval can run code with the wrong principal.
|
Core
|
JavaScript Engine
|
mrbkap
|
RESO
|
FIXE
|
2013-03-26
|
397188
|
|
FCK Editor no longer working on Firefox trunk
|
Core
|
JavaScript Engine
|
mrbkap
|
RESO
|
FIXE
|
2008-03-14
|
414749
|
|
nsJSUtils::GetCallingLocation doesn't deal with null principals well
|
Core
|
DOM: Core & HTML
|
mrbkap
|
RESO
|
FIXE
|
2019-03-13
|
415030
|
|
Security check in js_ValueToFunctionObject uses the wrong principal
|
Core
|
JavaScript Engine
|
mrbkap
|
RESO
|
FIXE
|
2013-03-26
|
415292
|
|
some Help content broken in fr locale
|
Firefox Graveyard
|
Help Documentation
|
nobody
|
RESO
|
FIXE
|
2016-04-22
|
405783
|
|
Midas crashes [@ GetNearestCapturingView] when iframe style is changed during editing
|
Core
|
DOM: UI Events & Foc
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
419116
|
|
Sending mail through SMTP server that doesn't require user:pass fails
|
MailNews Core
|
Composition
|
standard8
|
RESO
|
FIXE
|
2014-01-01
|
416354
|
|
Missing SAVE_SP_AND_PC in JSOP_NEG
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-03-29
|
416705
|
|
throw from xml filter leaves pending block objects unput
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-04-21
|
328258
|
|
Firefox "ARGB32_image_ARGB32 ()" .gif File Processing DoS
|
Core
|
Graphics
|
jd.bugzilla
|
VERI
|
FIXE
|
2011-08-10
|
399286
|
|
port fix for mac large image crasher to 1.8 branch
|
Core
|
Graphics
|
jd.bugzilla
|
VERI
|
FIXE
|
2009-01-22
|
387390
|
|
The fix for bug 384750 can be circumvented
|
Core
|
Security
|
mrbkap
|
VERI
|
FIXE
|
2008-03-26
|
417780
|
|
content-disposition with filename containing "./" attempts to create temporary file called "/tmp"
|
Firefox
|
File Handling
|
dveditz
|
VERI
|
FIXE
|
2008-04-16
|
412926
|
|
JS_ValueToId(cx, JSVAL_NULL) should return atom for 'null' string
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-03-29
|
417617
|
|
DOMParser.parseFromString in Greasemonkey script causes "ASSERTION: Should have inner window here!"
|
Core
|
DOM: Core & HTML
|
smaug
|
VERI
|
FIXE
|
2019-03-13
|
419718
|
|
Crash if <CANVAS> destroyed but drawing context kept
|
Core
|
Graphics: Canvas2D
|
vladimir
|
VERI
|
FIXE
|
2013-08-25
|
417421
|
|
Loss of back forward buttons when switching between 1.8 and 1.9
|
Firefox
|
Toolbars and Customi
|
dao+bmo
|
VERI
|
FIXE
|
2008-05-13
|
357172
|
|
mail invitation text garbled (VCALENDAR not recognized as UTF-8)
|
MailNews Core
|
MIME
|
bugzilla.mozilla.org-3
|
VERI
|
FIXE
|
2008-07-31
|
415342
|
|
[fr] Content help is broken on MOZILLA_1_8_BRANCH
|
Mozilla Localization
|
fr / French
|
cedric.corazza
|
VERI
|
FIXE
|
2008-02-15
|
393432
|
|
Firefox crashes sometimes if you click the back button on www.userfriendly.org [@ DummyParserRequest::Cancel 334d84da]
|
Core
|
DOM: HTML Parser
|
colin
|
VERI
|
FIXE
|
2011-06-09
|
415191
|
|
Check in rdf/chrome version of bug 413250
|
Core
|
General
|
dveditz
|
VERI
|
FIXE
|
2008-03-25
|
384871
|
|
[1.8 branch] Crash [@ DocumentViewerImpl::Destroy] with popup as root element, setting autoPosition and reloading
|
Core
|
Layout
|
enndeakin
|
VERI
|
FIXE
|
2011-06-13
|
416329
|
|
Correct Ria Klaassen's name in "Credits"
|
Firefox
|
General
|
gavin.sharp
|
VERI
|
FIXE
|
2008-03-12
|
414755
|
|
Missing SAVE_SP_AND_PC in STORE_(NUMBER|INT|UINT)
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-03-29
|
420880
|
|
Assertion failure: fp, in jsobj.c
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-03-25
|
382509
|
|
Disallow indirect eval
|
Core
|
JavaScript Engine
|
mrbkap
|
VERI
|
FIXE
|
2010-09-01
|
383381
|
|
docs.google.com depends on indirect eval
|
Core
|
JavaScript Engine
|
mrbkap
|
VERI
|
FIXE
|
2008-04-09
|
383682
|
|
eval is too dynamic (js1_5/Regress/regress-68498-003.js)
|
Core
|
JavaScript Engine
|
mrbkap
|
VERI
|
FIXE
|
2016-05-11
|
384750
|
|
Arbitrary code execution by polluting implicit XPCNativeWrapper (without using eval)
|
Core
|
DOM: Core & HTML
|
mrbkap
|
VERI
|
FIXE
|
2019-03-13
|
387084
|
|
"View Page Info" is broken
|
Firefox
|
Page Info Window
|
mrbkap
|
VERI
|
FIXE
|
2008-04-09
|
417876
|
|
[lt] Collision of shortcut keys in extension update screen
|
Mozilla Localization
|
lt / Lithuanian
|
rimas
|
VERI
|
FIXE
|
2008-02-28
|
415827
|
|
Crash when zooming
|
Core
|
Layout
|
roc
|
VERI
|
FIXE
|
2008-04-03
|
414856
|
|
Firefox 2.0.0.12 RC1 breaks Stylish with "TypeError: stylesheet has no properties"
|
Core
|
XML
|
smaug
|
VERI
|
FIXE
|
2008-03-17
|