| 464174
|
|
The fix in bug 451680 does not fix <field>
|
Core
|
XBL
|
mrbkap
|
RESO
|
FIXE
|
2009-01-07
|
| 416284
|
|
Detached attachments should not be able to be re-detached
|
MailNews Core
|
Attachments
|
mkmelin+mozilla
|
RESO
|
FIXE
|
2012-06-20
|
| 460803
|
|
[FIX]PresShell::InitialReflow "ASSERTION: Why are we being called?" with XUL iframe
|
Core
|
Layout
|
bzbarsky
|
RESO
|
FIXE
|
2008-12-16
|
| 461735
|
|
[FIX]Security: theft of strings cross-domain with redirect, <script src> and window.onerror
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
RESO
|
FIXE
|
2019-03-13
|
| 462806
|
|
[FIX]Stop initializing PSM on startup when dealing with chrome jars
|
Core
|
Security
|
bzbarsky
|
RESO
|
FIXE
|
2009-01-14
|
| 464998
|
|
integer overflow in nsEscape, still
|
Core
|
XPCOM
|
dveditz
|
RESO
|
FIXE
|
2009-04-20
|
| 355126
|
|
stealing pictures via canvas and http redirect
|
Core
|
Graphics: Canvas2D
|
joe
|
RESO
|
FIXE
|
2020-10-25
|
| 363897
|
|
Don't give onerror handlers detailed information about syntax errors in off-site "scripts"
|
Core
|
DOM: Events
|
jstenback+bmo
|
RESO
|
FIXE
|
2013-06-09
|
| 425046
|
|
URLs containing 0x01 are interpreted very oddly - possible overflow bug?
|
Core
|
Networking
|
nobody
|
RESO
|
FIXE
|
2009-01-13
|
| 463205
|
|
It's possible to make SessionStore inject text data into the wrong document
|
Firefox
|
Session Restore
|
zeniko
|
RESO
|
FIXE
|
2013-11-28
|
| 453526
|
|
Remaining attack vectors in feed preview on 1.8 branch
|
Firefox Graveyard
|
RSS Discovery and Pr
|
asaf
|
VERI
|
FIXE
|
2018-12-20
|
| 451680
|
|
XSS by attaching a binding to an element in an unloaded document
|
Core
|
Security
|
mrbkap
|
VERI
|
FIXE
|
2008-12-16
|
| 453310
|
|
XPCNativeWrapper pollution using top-level statement of chrome JS
|
Core
|
XPConnect
|
mrbkap
|
VERI
|
FIXE
|
2010-02-24
|
| 464620
|
|
XSS with SessionStore after bug 463205, bug 463206, and bug 461743 are fixed
|
Firefox
|
Session Restore
|
zeniko
|
VERI
|
FIXE
|
2010-02-13
|
| 370461
|
|
__proto__ of a function returned by Components.lookupMethod() comes from content
|
Core
|
XPConnect
|
mrbkap
|
VERI
|
FIXE
|
2013-08-25
|
| 228856
|
|
[FIX] \0 in CSS is ignored
|
Core
|
CSS Parsing and Comp
|
zack+mozbugs
|
VERI
|
FIXE
|
2013-06-02
|
| 460713
|
|
[FIX]Memory exhaustion setting HTMLSelect.length() [GSEC-TZO-26-2009]
|
Core
|
General
|
bzbarsky
|
VERI
|
FIXE
|
2009-07-21
|
| 463347
|
|
disable SafeBrowsing in Firefox 2.0.0.19+, alert users
|
Toolkit
|
Safe Browsing
|
dave.camp
|
VERI
|
FIXE
|
2014-05-27
|
| 453278
|
|
Crash [@ nsContentUtils::TriggerLink] with xlink stuff in display: none iframe
|
Core
|
XML
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2011-06-13
|
| 393321
|
|
trees set attributes during reflow (nsTreeBodyFrame::UpdateScrollbars) still crashes Mac 2.0.0.6
|
Core
|
XUL
|
smaug
|
VERI
|
FIXE
|
2009-02-09
|
| 461743
|
|
A chrome function runs on content can cause arbitrary code execution hole
|
Core
|
Security
|
zeniko
|
VERI
|
FIXE
|
2010-02-13
|
| 463206
|
|
SessionStore does not correctly restore text data when subframes are involved
|
Firefox
|
Session Restore
|
zeniko
|
VERI
|
FIXE
|
2010-02-13
|