| 418996
|
|
[FIX]Unsigned documents can inject script into signed JARs
|
Core
|
Security: CAPS
|
bzbarsky
|
RESO
|
FIXE
|
2012-08-16
|
| 421715
|
|
canvas.2dcontext.putImageData(array[undefined]) causes a crash [@ JS_GetProperty]
|
Core
|
Graphics: Canvas2D
|
gavin.sharp
|
RESO
|
FIXE
|
2011-06-09
|
| 418356
|
|
[FIX]It's unsafe to use mozIJSSubScriptLoader.loadSubScript() with non-chrome urls or chrome urls whose scheme/host part contain uppercase characters
|
Core
|
Security
|
jstenback+bmo
|
RESO
|
FIXE
|
2009-02-16
|
| 422118
|
|
Crash reading malformed zip [@nsZipArchive::BuildFileList]
|
Core
|
Networking: JAR
|
dveditz
|
RESO
|
FIXE
|
2011-06-13
|
| 419846
|
|
Non-chrome XUL documents can load chrome scripts from the fastload file
|
Core
|
Security
|
jstenback+bmo
|
RESO
|
FIXE
|
2009-01-05
|
| 410156
|
|
URL files (IE bookmarks) cause remote code to run as local file when opened directly
|
Firefox
|
Security
|
robert.strong.bugs
|
RESO
|
FIXE
|
2017-03-10
|
| 418131
|
|
Need a way to detect GTK+ version so we don't break users on major update
|
Toolkit
|
Application Update
|
ventnor.bugzilla
|
RESO
|
FIXE
|
2008-07-31
|
| 424426
|
|
[FIX]Downgrading codebase principals in signed jars is not effective
|
Core
|
Security: CAPS
|
bzbarsky
|
RESO
|
FIXE
|
2008-11-12
|
| 426628
|
|
Land dynamic gczeal on 1.8 branch
|
Core
|
JavaScript Engine
|
crowderbt
|
RESO
|
FIXE
|
2008-07-27
|
| 401105
|
|
Indicate which theme is in use in update URL variable
|
Toolkit
|
Add-ons Manager
|
dtownsend
|
RESO
|
FIXE
|
2008-07-31
|
| 417994
|
|
navigator object does not fully reflect user agent settings
|
Core
|
DOM: Core & HTML
|
gfleischer+bugzilla
|
RESO
|
FIXE
|
2019-03-13
|
| 432591
|
|
Fix for bug 428672 can be circumvented by using XUL element
|
Core
|
Security
|
jstenback+bmo
|
RESO
|
FIXE
|
2008-07-02
|
| 240261
|
|
[1.8 branch] peer-trusted certs can use alt names to spoof
|
Core
|
Security: PSM
|
kaie
|
RESO
|
FIXE
|
2008-07-04
|
| 419030
|
|
FF2 should pick up NSS fixes, but keep the FIPS approved softoken module
|
Firefox Build System
|
General
|
kaie
|
RESO
|
FIXE
|
2018-11-26
|
| 434743
|
|
clean up built locales for Firefox 2
|
Firefox Build System
|
General
|
l10n
|
RESO
|
FIXE
|
2018-11-26
|
| 390788
|
|
Accessing innerWidth of a tabbrowser contentWindow throws NS_ERROR_XPC_SECURITY_MANAGER_VETO
|
Core
|
XPConnect
|
mrbkap
|
RESO
|
FIXE
|
2008-06-12
|
| 428672
|
|
XSS using an event handler attached to the outer window
|
Core
|
Security
|
mrbkap
|
RESO
|
FIXE
|
2008-08-17
|
| 437758
|
|
XMLHttpRequest broken in 2008-06-06 version of the 1.8.1-tree
|
Firefox
|
General
|
nobody
|
RESO
|
FIXE
|
2008-06-11
|
| 416751
|
|
rich text editor no longer in designmode when navigating back
|
Core
|
DOM: Editor
|
peterv
|
RESO
|
FIXE
|
2008-06-25
|
| 282660
|
|
Crash [@ jsds_NotifyPendingDeadScripts] ds->script is null
|
Other Applications G
|
Venkman JS Debugger
|
timeless
|
RESO
|
FIXE
|
2018-10-16
|
| 425576
|
|
Crash on login to Excite Japan Blog (exblog.jp) after updating to Firefox 2.0.0.13 [@ js_MarkGCThing]
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2013-03-19
|
| 428606
|
|
New version of JEP (0.9.6.4), please land on trunk and branch
|
Plugins Graveyard
|
Java (Java Embedding
|
smichaud
|
VERI
|
FIXE
|
2016-04-28
|
| 424291
|
|
Crash [@ nsCellMap::SetNextSibling] while trying to print
|
Core
|
Layout: Tables
|
bernd_mozilla
|
VERI
|
FIXE
|
2011-06-09
|
| 391178
|
|
Crash [@ nsCSSFrameConstructor::FindFrameWithContent] with XUL trees, position:fixed
|
Core
|
XUL
|
dholbert
|
VERI
|
FIXE
|
2011-06-13
|
| 356378
|
|
"invalid getter usage" or assertion failure with "var x; x getter= function () { };"
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-08-16
|
| 418128
|
|
Yet another GC hazard with ++/-- in js_Interpret
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-07-03
|
| 413161
|
|
nsIPrincipal needs a stricter origin
|
Core
|
Security: CAPS
|
jonas
|
VERI
|
FIXE
|
2009-01-05
|
| 423541
|
|
Arbitrary file upload via originalTarget and DOM Range
|
Core
|
DOM: Core & HTML
|
smaug
|
VERI
|
FIXE
|
2009-01-05
|
| 408329
|
|
Mac OS X Java Plugin (JEP) - LiveConnect can still use document.domain bypass to create arbitrary socket connections
|
Core Graveyard
|
Plug-ins
|
smichaud
|
VERI
|
FIXE
|
2022-05-16
|
| 421737
|
|
[fr] Typo in editorOverlay.dtd for Thunderbird
|
Mozilla Localization
|
fr / French
|
cedric.corazza
|
VERI
|
FIXE
|
2008-06-06
|
| 422509
|
|
[fr] French MySpell dictionary update
|
Mozilla Localization
|
fr / French
|
cedric.corazza
|
VERI
|
FIXE
|
2008-06-06
|
| 430417
|
|
[fr] Printed messages have a double colon after some email headers in French Thunderbird
|
Mozilla Localization
|
fr / French
|
cedric.corazza
|
VERI
|
FIXE
|
2008-06-06
|
| 308429
|
|
make tooMuchGC dynamic (runtime gczeal option)
|
Core
|
JavaScript Engine
|
crowderbt
|
VERI
|
FIXE
|
2009-02-17
|
| 439735
|
|
exploitable crash at nsBlockFrame::DrainOverflowLines
|
Core
|
Layout
|
dbaron
|
VERI
|
FIXE
|
2009-01-05
|
| 286661
|
|
can't install extensions over ssl, fails with message "Download error"
|
Core Graveyard
|
Installer: XPInstall
|
dtownsend
|
VERI
|
FIXE
|
2015-12-11
|
| 430120
|
|
Update blocklist URL to include same info as update URL
|
Toolkit
|
Add-ons Manager
|
dtownsend
|
VERI
|
FIXE
|
2012-12-25
|
| 433615
|
|
Firefox should send version numbers to PFS not just build ids
|
Toolkit Graveyard
|
Plugin Finder Servic
|
dtownsend
|
VERI
|
FIXE
|
2014-09-24
|
| 380833
|
|
Crash during GC after uneval (involves E4X, mysterious sharp variable)
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-06-11
|
| 425594
|
|
new branch top crash [@ js_GC] maybe also crash [@ js_MarkGCThing][@js_GetGCThingFlags]
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2011-06-09
|
| 427185
|
|
JS Assertion from hell with gczeal 2
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-07-02
|
| 439035
|
|
Same-origin check in nsXMLHttpRequest::OnChannelRedirect() can be circumvented
|
Core
|
Security
|
jstenback+bmo
|
VERI
|
FIXE
|
2008-08-25
|
| 425699
|
|
[it] Update Wikipedia searchplugin to match title
|
Mozilla Localization
|
it / Italian
|
l10n-it
|
VERI
|
FIXE
|
2008-03-29
|
| 411433
|
|
file location URL in directory listing should be HTML escaped
|
Core Graveyard
|
File Handling
|
masa141421356
|
VERI
|
FIXE
|
2016-06-22
|
| 378027
|
|
Printing crash [@ nsCellMap::GetCellInfoAt] Exception: EXC_BAD_INSTRUCTION (0x0002)
|
Core
|
Layout: Tables
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2011-06-13
|
| 430814
|
|
Crash [@ nsStyleContext::GetStyleDisplay] while trying to print
|
Core
|
Layout: Tables
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2011-06-13
|
| 371292
|
|
Crash [@ js_AtomToPrintableString]
|
Core
|
JavaScript Engine
|
mrbkap
|
VERI
|
FIXE
|
2011-06-13
|
| 433328
|
|
XSS using <script> element in unloaded document
|
Core
|
Security
|
mrbkap
|
VERI
|
FIXE
|
2008-07-23
|
| 427216
|
|
Make tools menu popup match other applications
|
Other Applications
|
DOM Inspector
|
philipp
|
VERI
|
FIXE
|
2008-06-11
|
| 425689
|
|
[lt] Update Wikipedia searchplugin to match title
|
Mozilla Localization
|
lt / Lithuanian
|
rimas
|
VERI
|
FIXE
|
2008-03-29
|
| 423226
|
|
Installer should remove Firefox 3 files in case of downgrade to avoid crash on start [@ nsACString_internal::Assign][@ xpcom_core.dll]
|
Firefox
|
Installer
|
robert.strong.bugs
|
VERI
|
FIXE
|
2011-06-09
|
| 440308
|
|
XSS by using XMLHttpRequest and onreadystatechange handler
|
Core
|
Security
|
smaug
|
VERI
|
FIXE
|
2008-08-25
|
| 426566
|
|
[ru] Update Yandex search plugin on 1.8 branch
|
Mozilla Localization
|
ru / Russian
|
unghost
|
VERI
|
FIXE
|
2008-05-04
|