479560
|
|
Arbitrary code execution using sidebar
|
Core
|
Security
|
mrbkap
|
RESO
|
FIXE
|
2015-10-16
|
481647
|
|
[FIX]Internal frame with generated src by javascript is not working properly in FF 3.0.7, used to work in FF 3.0.6
|
Core
|
DOM: Navigation
|
bzbarsky
|
RESO
|
FIXE
|
2009-05-13
|
456705
|
|
Firefox 2.0.0.17 crashes when opening a https-site or on shutdown with FoxyProxy 2.8.5 [@ nsSSLThread::Run]
|
Core
|
Security: PSM
|
honzab.moz
|
RESO
|
FIXE
|
2016-04-04
|
479880
|
|
Non-200 responses to proxy CONNECT requests lead to attacks on HTTPS
|
Core
|
Networking: HTTP
|
jduell.mcbugs
|
RESO
|
FIXE
|
2019-05-24
|
479413
|
|
SSL spoofing using IDN characters that appear like spaces on Windows (invisible)
|
Core
|
Networking
|
smontagu
|
RESO
|
FIXE
|
2009-06-11
|
479943
|
|
Restrictions on file-URL-to-file-URL scripting don't appear to be working properly
|
Core
|
Security: CAPS
|
bzbarsky
|
RESO
|
FIXE
|
2009-06-11
|
487539
|
|
[FIX]"ASSERTION: Shouldn't happen here: '!IsTablePseudo(inFlowFrame)'" with image map
|
Core
|
Layout
|
bzbarsky
|
RESO
|
FIXE
|
2009-05-13
|
495648
|
|
Incorrect itemCount and scrolling of listboxes with XUL templates for RDF datasources
|
Core
|
XUL
|
bzbarsky
|
RESO
|
FIXE
|
2014-10-11
|
489322
|
|
3.0.10 pre crashes with HTML validator when viewing source [@ @0x0 | nsTextFrame::ClearTextRun() ]
|
Core
|
Layout
|
dholbert
|
RESO
|
FIXE
|
2011-06-09
|
435788
|
|
Plugin finder service can't install plugins using installerLocation
|
Toolkit Graveyard
|
Plugin Finder Servic
|
dtownsend
|
RESO
|
FIXE
|
2014-09-24
|
474763
|
|
Add automated tests for xpinstall
|
Core Graveyard
|
Installer: XPInstall
|
dtownsend
|
RESO
|
FIXE
|
2015-12-11
|
475347
|
|
Crash after closing tab that initiated an install and included a callback function [@ js_UpdateMallocCounter]
|
Core Graveyard
|
Installer: XPInstall
|
dtownsend
|
RESO
|
FIXE
|
2015-12-11
|
463486
|
|
Form history shouldn't remember the default values of unmodified fields.
|
Toolkit
|
Form Manager
|
jdinbox
|
RESO
|
FIXE
|
2020-06-02
|
477979
|
|
XUL scripts skip some security checks
|
Core
|
XUL
|
jwkbugzilla
|
RESO
|
FIXE
|
2013-08-25
|
446118
|
|
Sqlite query "SELECT DISTINCT X FROM Y WHERE X IS NOT NULL" returns invalid result set if X is indexed
|
Toolkit
|
Storage
|
nobody
|
RESO
|
FIXE
|
2009-05-13
|
483688
|
|
Modify Firefox Installer to Incorporate Feedback Form
|
Firefox
|
Installer
|
robert.strong.bugs
|
RESO
|
FIXE
|
2009-05-15
|
486398
|
|
Crash [@ nsHTMLIFrameElement::QueryInterface]
|
Core
|
XML
|
smaug
|
RESO
|
FIXE
|
2013-08-25
|
445704
|
|
JSON bookmarks backup has localized filename (and can't be easily restored)
|
Firefox
|
Bookmarks & History
|
dietrich
|
VERI
|
FIXE
|
2009-11-26
|
487204
|
|
js_FillPropertyCache is called with garbage-collected pobj
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2010-03-17
|
464994
|
|
about:license and about:rights both contain similar text, potentially contradict each other
|
Firefox
|
General
|
jdinbox
|
VERI
|
FIXE
|
2009-05-22
|
460437
|
|
innerHtml doesn't update DOM when HTML markup goes from Invalid to Valid
|
Core
|
DOM: HTML Parser
|
bent.mozilla
|
VERI
|
FIXE
|
2009-06-15
|
432068
|
|
Crash [@ nsListBoxBodyFrame::GetNextItemBox] with <xul:listbox>, XBL
|
Core
|
XUL
|
bzbarsky
|
VERI
|
FIXE
|
2018-04-30
|
488390
|
|
"ASSERTION: Shouldn't hit this case -- we should a be a combobox if we have no size set and no multiple set!" with RLO, <tr>
|
Core
|
Layout: Form Control
|
bzbarsky
|
VERI
|
FIXE
|
2009-06-10
|
431086
|
|
Crash [@ nsHTMLEditor::HideResizers] with non-HTML root, changing contentEditable property a lot
|
Core
|
DOM: Editor
|
chris
|
VERI
|
FIXE
|
2011-06-13
|
426520
|
|
crash [@ ParseXMLSource / jsxml.c:1978]
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2011-06-13
|
406646
|
|
Clicking to open slow menu (e.g. Bookmarks) invokes first item in menu (e.g. "Bookmark This Page")
|
Core
|
XUL
|
roc
|
VERI
|
FIXE
|
2019-01-16
|
472776
|
|
Crash [@ UnhookTextRunFromFrames] [@ ClearAllTextRunReferences] with bidi
|
Core
|
Layout: Text and Fon
|
roc
|
VERI
|
FIXE
|
2018-05-03
|
487345
|
|
Crash [@ nsObjectLoadingContent::Instantiate] when enabling Flashblock after visiting this URL
|
Core Graveyard
|
Plug-ins
|
smaug
|
VERI
|
FIXE
|
2022-05-16
|
489988
|
|
Java Applets reload when print is called
|
Core Graveyard
|
Plug-ins
|
smaug
|
VERI
|
FIXE
|
2022-05-16
|
380359
|
|
Crash [@ nsEventStateManager::GetContentState] [@ nsNativeTheme::CheckBooleanAttr] with -moz-appearance and position: fixed
|
Core
|
Widget
|
vladimir
|
VERI
|
FIXE
|
2011-06-13
|
468538
|
|
Crash [@ nsParser::ParseFragment] setting innerHTML in mixed-content document
|
Core
|
DOM: HTML Parser
|
bent.mozilla
|
VERI
|
FIXE
|
2011-06-13
|
490513
|
|
Shutdown crash [@ PL_DHashTableFinish] with high surrogate in <style>
|
Core
|
XPCOM
|
dbaron
|
VERI
|
FIXE
|
2011-06-13
|
489647
|
|
New 1.9.0.9 topcrash [@nsTextFrame::ClearTextRun()]
|
Core
|
Layout
|
dholbert
|
VERI
|
FIXE
|
2017-03-14
|
491801
|
|
Arbitrary domain cookie access from content loaded via local file (file:/// URL)
|
Core
|
Networking
|
dveditz
|
VERI
|
FIXE
|
2020-05-04
|
455395
|
|
make "Gran Paradiso" branding the default on CVS trunk
|
Firefox Build System
|
General
|
gavin.sharp
|
VERI
|
FIXE
|
2018-11-26
|
369696
|
|
"Assertion failure: map->depth > 0" in js_LeaveSharpObject
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2012-04-09
|
427196
|
|
"Assertion failure: OBJ_SCOPE(pobj)->object == pobj" with __proto__, __defineSetter__
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2009-08-18
|
483818
|
|
Leak when script appended via DOM does document.write
|
Core
|
DOM: HTML Parser
|
jonas
|
VERI
|
FIXE
|
2009-05-15
|
489041
|
|
Atom table crash triggered by DOM mutation events and unicode surrogates
|
Core
|
DOM: Core & HTML
|
jstenback+bmo
|
VERI
|
FIXE
|
2019-03-13
|
421576
|
|
Unpaired surrogate handled wrongly (Acid3 #68)
|
Core
|
XPCOM
|
jwalden
|
VERI
|
FIXE
|
2009-06-07
|
484458
|
|
body onload="alert(1)" crashes Firefox after reload
|
Core
|
Widget: Gtk
|
karlt
|
VERI
|
FIXE
|
2010-03-18
|
474303
|
|
leave_notify_event_cb() tries to AddRef already released window
|
Core
|
Widget: Gtk
|
nobody
|
VERI
|
FIXE
|
2015-10-16
|
490410
|
|
Another Crash on testcase from 489647 with accessibility enabled in [@nsTextFrame::ClearTextRun()]
|
Core
|
Layout
|
nobody
|
VERI
|
FIXE
|
2009-06-11
|
429969
|
|
Crash [@ IsPercentageAware] with :first-letter, rtl
|
Core
|
Layout
|
roc
|
VERI
|
FIXE
|
2011-06-13
|
488710
|
|
Upgrade to sqlite 3.6.7 on the 1.9.0 branch
|
Toolkit
|
Storage
|
sdwilsh
|
VERI
|
FIXE
|
2009-08-05
|
461049
|
|
Crash [@ nsTransactionItem::UndoChildren] or "ASSERTION: no frame, see bug #188946: 'frame'" with mutation events
|
Core
|
DOM: Editor
|
smaug
|
VERI
|
FIXE
|
2011-06-13
|
489131
|
|
Arbitrary code execution using event listeners attached to an element whose owner document is null
|
Core
|
Security
|
smaug
|
VERI
|
FIXE
|
2009-06-11
|
480582
|
|
contenteditable=true breaks mouse pointer hover style for unrelated image links
|
Core
|
DOM: Editor
|
zack+mozbugs
|
VERI
|
FIXE
|
2009-05-13
|