Sec-Status-Needed B2G 2.2
- Resolution: FIXED
- Classification: Client Software, Components
- Updated: (is greater than or equal to) 2014-11-21
- Closed: (changed after) 2014-11-21
- Keywords: sec-critical, sec-high
- Group: core-security
- Whiteboard: (does not contain the string) [b2g-adv-
- status-b2g-v2.2: (is empty)
This result was limited to 500 bugs.
ID | Product | Comp | Status | Summary | status-firefox37 | status-b2g-v2.2 | status-b2g-v2.1 | Whiteboard | Keywords |
---|---|---|---|---|---|---|---|---|---|
1422631 | Core | Audio/Video: cubeb | RESO | suspect cubeb | --- | --- | --- | [keep hidden while bugs 1426603 and 1418820 are][post-critsmash-triage][adv-main59+] | crash, csectype-wildptr, regression, sec-high |
1423770 | Core | WebRTC: Audio/Video | RESO | Write out of bounds in Convert | --- | --- | --- | [adv-main58+][post-critsmash-triage] | crash, csectype-bounds, sec-high |
1604117 | Core | Audio/Video: cubeb | RESO | Crash in [@ memcpy | --- | --- | --- | [post-critsmash-triage] | crash, csectype-wildptr, regression, sec-high |
1614101 | Core | Layout | RESO | heap-use-after-free in [@ ns | --- | --- | --- | | crash, csectype-uaf, regression, sec-high, testcase |
1415770 | Core | DOM: Core & HTML | RESO | Assertion failure: is | --- | --- | --- | [adv-main58+][post-critsmash-triage] | assertion, csectype-uaf, sec-high, testcase |
1628120 | Core | DOM: Navigation | RESO | Intermittent GECKO(11228) \| SUMMARY: Address | --- | --- | --- | [post-critsmash-triage] | csectype-uaf, intermittent-failure, regression, sec-high |
1755081 | Core | DOM: Security | RESO | Cross-origin embeds/objects can obtain permissions of the | --- | --- | --- | [domsecurity-active][post-critsmash-triage][adv-main100+][adv-esr91.9+] | csectype-priv-escalation, csectype-spoof, sec-high |
1644561 | GeckoView | General | RESO | org | --- | --- | --- | [geckoview:m79][fxr:p1][post-critsmash-triage] | csectype-uaf, regression, sec-high |
1719088 | GeckoView | General | RESO | Firefox for Android Lock Exit Fullscreen Mode with Recurs | --- | --- | --- | [keep hidden while bug 1718796 is][reporter-external] [client-bounty-form] [verif?][adv-main91+] | csectype-spoof, sec-high |
1730637 | Core | Graphics: CanvasWebG | RESO | Web | --- | --- | --- | | csectype-intoverflow, sec-high |
1412643 | Core | Printing: Output | RESO | Crash in PR | --- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, regression, sec-high |
1533554 | Core | Widget: Win32 | RESO | Write beyond bounds in ns | --- | --- | --- | [adv-main67+][adv-esr60.7+] | csectype-intoverflow, regression, sec-high |
1647115 | Core | JavaScript Engine | RESO | Address | --- | --- | --- | [post-critsmash-triage][sec-survey] | crash, csectype-race, regression, sec-high |
1823568 | Core | Web Audio | RESO | heap-use-after-free in [@ JS::loader::Script | --- | --- | --- | [adv-main113+r] | csectype-uaf, pernosco, regression, sec-high, testcase |
1863391 | Core | JavaScript Engine | RESO | Assertion failure: Current | --- | --- | --- | [bugmon:update,bisect][fuzzblocker] | assertion, regression, sec-high, testcase |
1416519 | Core | Audio/Video: Playbac | RESO | Assertion failure: Is | --- | --- | --- | [adv-main58+][post-critsmash-triage] | assertion, csectype-uaf, regression, sec-high, testcase |
1745874 | Core | Audio/Video | RESO | Use-after-free of Audio | --- | --- | --- | [reporter-external] [client-bounty-form][adv-main96+][adv-ESR91.5+][sec-survey][post-critsmash-triage] | csectype-uaf, sec-high |
1814314 | Core | Audio/Video: Playbac | RESO | Assertion failure: m | --- | --- | --- | [adv-main112+r] | assertion, csectype-other, regression, sec-high, testcase |
1337418 | Core | WebRTC: Audio/Video | RESO | Crash in ns | --- | --- | --- | [adv-main53+][adv-esr52.1+] | crash, csectype-uaf, sec-high, testcase-wanted |
1452576 | Core | DOM: Core & HTML | RESO | Crash [@ get] with Structured | --- | --- | --- | [adv-main61+][adv-esr52.9+][adv-esr60.1+][post-critsmash-triage] | crash, csectype-sandbox-escape, sec-high, testcase |
1493629 | Core | DOM: Security | RESO | Address | --- | --- | --- | [domsecurity-active][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high |
1649347 | Core | DOM: Workers | RESO | Address | --- | --- | --- | [sec-survey][post-critsmash-triage][adv-main79+r][adv-ESR78.1+r] | csectype-race, regression, sec-high |
1325052 | Core | JavaScript Engine | RESO | Assertion failure: !elements[i].is | --- | --- | --- | [post-critsmash-triage][adv-main52+][adv-esr45.8+] | csectype-uaf, sec-critical |
1406398 | Core | JavaScript Engine | RESO | Assertion failure: MOZ | --- | --- | --- | [adv-main57+][adv-esr52.5+] | regression, sec-high |
1591019 | Core | JavaScript Engine | RESO | Assertion failure: adjusted | --- | --- | --- | [jsbugmon:update][post-critsmash-triage] | assertion, bugmon, regression, sec-high, testcase |
1593971 | Core | JavaScript Engine: J | RESO | Assertion failure: input->type() == MIRType::Double, at j | --- | --- | --- | [jsbugmon:update,bisect][post-critsmash-triage] | assertion, bugmon, csectype-jit, regression, sec-high, testcase |
1607665 | Core | JavaScript Engine | RESO | Crash [@ ??] with Big | --- | --- | --- | [fuzzblocker][jsbugmon:update][post-critsmash-triage] | bugmon, crash, regression, sec-high, testcase |
1607687 | Core | JavaScript Engine | RESO | Crash [@ JS::Big | --- | --- | --- | [jsbugmon:update,bisect][post-critsmash-triage] | bugmon, crash, regression, sec-high, testcase |
1614704 | Core | JavaScript Engine: J | RESO | Alias-set for MCreate | --- | --- | --- | [post-critsmash-triage][adv-main76+r][adv-ESR68.8+r] | csectype-jit, sec-high |
1791520 | Core | JavaScript Engine | RESO | Nullptr dereference in Is | --- | --- | --- | [post-critsmash-triage][adv-main106+][adv-esr102.4+] | csectype-uaf, sec-high |
1308688 | WebExtensions | Request Handling | RESO | Prevent Web | --- | --- | --- | [post-critsmash-triage][adv-main51+] triaged | csectype-priv-escalation, sec-high |
1769739 | Core | Graphics: CanvasWebG | RESO | Address | --- | --- | --- | [adv-main103+r][adv-esr102.1+r] | csectype-race, csectype-uaf, sec-high, testcase |
1833876 | Core | Graphics: Canvas2D | RESO | Manipulation with Offscreen Canvas allows bypassing taint | --- | --- | --- | [adv-main116+][adv-ESR102.14+][adv-ESR115.1+] | csectype-sop, sec-high |
1297099 | Core | Audio/Video: MediaSt | RESO | Load | --- | --- | --- | [post-critsmash-triage][adv-main49+] | sec-critical |
1317501 | Core | Audio/Video: MediaSt | RESO | Media | --- | --- | --- | [post-critsmash-triage][adv-main51+] | sec-high |
1360334 | Core | Audio/Video: MediaSt | RESO | Crash in mozilla::Media | --- | --- | --- | [adv-main56+][adv-esr52.4+][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high, testcase-wanted |
1435036 | Core | WebRTC | RESO | Address | --- | --- | --- | [fuzzblocker][adv-main60+][post-critsmash-triage] | crash, csectype-uaf, sec-high |
1439655 | Core | WebRTC: Audio/Video | RESO | Wild pointer read in copy | --- | --- | --- | [adv-main60+][post-critsmash-triage] | csectype-wildptr, sec-high |
1440347 | Core | WebRTC: Audio/Video | RESO | ASAN UAF in Media | --- | --- | --- | | csectype-uaf, regression, sec-high |
1478575 | Core | WebRTC: Audio/Video | RESO | Address | --- | --- | --- | [adv-main62+][adv-esr60.2+][post-cristsmash-triage] | crash, csectype-uaf, regression, sec-high |
1571004 | Core | Audio/Video | RESO | Address | --- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, regression, sec-high, testcase-wanted |
1661710 | Core | Audio/Video: MediaSt | RESO | Possible UAF in Cross | --- | --- | --- | | csectype-uaf, regression, sec-high |
1662760 | Core | Audio/Video: MediaSt | RESO | Address | --- | --- | --- | [bugmon:confirm][post-critsmash-triage][sec-survey][adv-main82+r][adv-esr78.4+r] | csectype-uaf, regression, sec-high, testcase-wanted |
1728321 | Core | WebRTC: Audio/Video | RESO | UAF in H264 encoder shutdown in Video | --- | --- | --- | [sec-survey][adv-main93+r][adv-esr78.15+r][adv-esr91.2+r] | crash, csectype-uaf, sec-high |
1741118 | Core | WebRTC: Signaling | RESO | Intermittent gtest \| application crashed [@ webrtc::inter | --- | --- | --- | [sec-survey] | csectype-uaf, intermittent-failure, sec-high |
1744081 | Core | WebRTC: Audio/Video | RESO | Intermittent Main app process exited normally \| applicati | --- | --- | --- | [sec-survey] | crash, csectype-uaf, intermittent-failure, regression, sec-high |
1819465 | Core | XPCOM | RESO | Intermittent browser/base/content/test/webrtc/ < test fil | --- | --- | --- | [post-critsmash-triage][adv-main112+r] | crash, csectype-uaf, intermittent-failure, regression, sec-high |
1324810 | Core | JavaScript Engine: J | RESO | Ion bug with Reg | --- | --- | --- | [post-critsmash-triage][adv-main51+] | sec-critical |
1425691 | Core | JavaScript Engine | RESO | Assertion failure: !unknown | --- | --- | --- | [jsbugmon:update,bisect][post-critsmash-triage][adv-main59+] | assertion, bugmon, sec-high, testcase |
1460833 | Core | JavaScript Engine | RESO | [Bin | --- | --- | --- | [post-critsmash-triage] | crash, sec-high, testcase |
1739683 | Core | JavaScript: WebAssem | RESO | Crash in Wasm Ion code when gczeal is used with reference | --- | --- | --- | [sec-survey][adv-main95+][adv-ESR91.4.0+] | csectype-uaf, sec-high |
1631573 | NSS | Libraries | RESO | ECDSA Timing Countermeasure Bypass | --- | --- | --- | [sec-moderate for Firefox][RedHat INC1266620][disclosure date 2020-07-28][sec-survey][adv-main80+] | sec-high |
1295097 | Core | Audio/Video: Playbac | RESO | heap-use-after-free in HTMLTrack | --- | --- | --- | [rr] | csectype-uaf, regression, sec-high |
1371484 | Core | Storage: IndexedDB | RESO | Write beyond bounds in Key::Encode | --- | --- | --- | [adv-main55+][post-critsmash-triage] | csectype-bounds, sec-critical |
1325450 | Core | JavaScript Engine | RESO | Assertion failure: !minimal | --- | --- | --- | [post-critsmash-triage] | assertion, regression, sec-high, testcase |
1386490 | Core | JavaScript Engine | RESO | Crash in js::Wrapper | --- | --- | --- | [adv-main57+][post-critsmash-triage] | crash, csectype-wildptr, regression, sec-high |
1416523 | Core | JavaScript Engine: J | RESO | Crash [@ js::Can | --- | --- | --- | [jsbugmon:update,bisect][post-critsmash-triage][adv-main59+] | assertion, bugmon, crash, regression, sec-high, testcase |
1530958 | Core | JavaScript Engine | RESO | Spidermonkey: Ion | --- | --- | --- | [GP0 disclosure deadline May 27][jsbugmon:testComment=5,origRev=198cd4a81bf2][post-critsmash-triage][adv-main66+][adv-esr60.6+] | bugmon, sec-critical, testcase |
1386110 | Core | CSS Parsing and Comp | RESO | stylo: Address | --- | --- | --- | | crash, csectype-uaf, regression, sec-critical, testcase |
1319456 | Core | Printing: Output | RESO | [e10s] Crash in std::_Hash<T>::equal | --- | --- | --- | [post-critsmash-triage][adv-main51+] | crash, csectype-uaf, regression, sec-high |
1368268 | Core | Security: Process Sa | RESO | Crash in `anonymous namespace''::Active | --- | --- | --- | [post-critsmash-triage][adv-main61+] sb+ | crash, csectype-uaf, sec-high |
1451376 | Core | Printing: Output | RESO | Use after free in Content | --- | --- | --- | [adv-main60+][adv-esr52.8+][post-critsmash-triage] | csectype-sandbox-escape, csectype-uaf, sec-high |
1490234 | Core | IPC | RESO | Shared memory should not allow executable images to be ma | --- | --- | --- | [post-critsmash-triage][adv-main63+][adv-esr60.3+] | csectype-priv-escalation, csectype-sandbox-escape, sec-high |
1497749 | Core | IPC | RESO | IPC channels created via Endpoint passing don't authentic | --- | --- | --- | [post-critsmash-triage][adv-main65+][adv-esr60.5+] | csectype-priv-escalation, sec-high |
1554110 | Core | Security: Process Sa | RESO | Windows sandbox: renderer processes can open each and unr | --- | --- | --- | [reporter-external] [client-bounty-form][post-critsmash-triage][adv-main76+][adv-ESR68.8+] | csectype-priv-escalation, csectype-sandbox-escape, sec-high |
1599005 | Core | Security: Process Sa | RESO | Race condition in firefox!sandbox::Shared | --- | --- | --- | [reporter-external] [client-bounty-form] [verif?][post-critsmash-triage][adv-main72+][adv-esr68.4+] | csectype-priv-escalation, csectype-sandbox-escape, sec-high |
1618911 | Core | Security: Process Sa | RESO | Firefox: Default Content Process DACL Sandbox Escape | --- | --- | --- | [disclosure date is 2020-05-28][post-critsmash-triage][adv-main76+][adv-ESR68.8+] | csectype-priv-escalation, csectype-sandbox-escape, sec-critical |
1846687 | Core | Graphics | RESO | use-after-free in m | --- | --- | --- | [reporter-external] [client-bounty-form] [verif?] [adv-main117+] [adv-esr115.2+] [adv-esr102.15+] | csectype-sandbox-escape, csectype-uaf, sec-high, testcase |
1309469 | Core | WebRTC: Audio/Video | RESO | Crash in ns | --- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, sec-critical |
1317670 | Core | WebRTC | RESO | ref | --- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, regression, sec-high |
1353313 | Core | Audio/Video: Playbac | RESO | Intermittent PROCESS-CRASH \| dom/media/test/test | --- | --- | --- | | crash, csectype-uaf, intermittent-failure, sec-high |
1419374 | Core | WebRTC: Audio/Video | RESO | Crash in std::_Function | --- | --- | --- | [clouseau] | crash, csectype-wildptr, regression, sec-high |
1279819 | Core | DOM: Animation | RESO | heap-use-after-free in mozilla::Keyframe | --- | --- | --- | | csectype-uaf, regression, sec-high |
1632717 | Core | Audio/Video: Playbac | RESO | Potential Ua | --- | --- | --- | [post-critsmash-triage][adv-main77+r][adv-esr68.9+r] | crash, csectype-uaf, sec-high |
1827359 | Core | JavaScript Engine | RESO | Intermittent Assertion failure: a | --- | --- | --- | [adv-main113+r][adv-ESR102.11+r] | assertion, csectype-bounds, intermittent-failure, sec-high |
1395598 | Core | DOM: Core & HTML | RESO | Intermittent Address | --- | --- | --- | [adv-main56+][adv-esr52.4+][post-critsmash-triage] | csectype-bounds, intermittent-failure, sec-critical |
1545345 | Core | DOM: Workers | RESO | Web Workers - Use After Free with XMLHttp | --- | --- | --- | [post-critsmash-triage][adv-main76+][adv-ESR68.8+] | csectype-uaf, sec-critical |
1626728 | Core | Storage: Cache API | RESO | Address | --- | --- | --- | | csectype-uaf, sec-critical |
1634872 | Core | DOM: Workers | RESO | Leak of post-redirect url in error stacktrace when script | --- | --- | --- | [reporter-external] [client-bounty-form] [sec-survey][adv-main79+][adv-ESR78.1+] [adv-esr68.11+] | csectype-sop, sec-high |
1755621 | Core | DOM: Web Authenticat | RESO | Win | --- | --- | --- | [reporter-external] [client-bounty-form] [verif?][sec-survey][adv-main99+][adv-esr91.8+] | csectype-bounds, csectype-sandbox-escape, sec-high |
1568862 | Core | Widget: Cocoa | RESO | Crash in [@ objc | --- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, regression, sec-high, topcrash |
1651705 | GeckoView | General | RESO | UAF in ns | --- | --- | --- | [geckoview:m80][geckoview:m81][geckoview:m82][post-critsmash-triage][adv-main83+r] | csectype-race, csectype-uaf, sec-high |
1830975 | Core | JavaScript: WebAssem | RESO | Undefined | --- | --- | --- | [bugmon:update,bisect] | crash, csectype-bounds, regression, sec-high, testcase |
1833681 | Core | JavaScript: WebAssem | RESO | Subtypes can leak through block params and results | --- | --- | --- | | sec-high |
1538042 | Core | Find Backend | RESO | ns | --- | --- | --- | [adv-main67+][adv-esr60.7+] | crash, csectype-bounds, regression, sec-high, testcase |
1552206 | Toolkit | Application Update | RESO | Permissions overwrite via folder symlink TOCTOU by Mainte | --- | --- | --- | [fixed in bug 1551913][reporter-external] [client-bounty-form] [verif?][adv-main69+][adv-esr68.1+][post-critsmash-triage] | csectype-priv-escalation, sec-high |
1732435 | Toolkit | Application Update | RESO | Arbitrary permissions overwrite due to folder locking TOC | --- | --- | --- | [reporter-external] [client-bounty-form] [verif?][fidedi-security][sec-survey][post-critsmash-triage][adv-main97+][adv-esr91.6+] | csectype-priv-escalation, sec-high |
1806394 | Toolkit | Application Update | RESO | Mar File Lock Bypass Leads to Privilege Escalation via Mo | --- | --- | --- | enterprisey [post-critsmash-triage][adv-main112+][adv-esr102.10+] | csectype-priv-escalation, sec-high |
1400599 | Core | DOM: Core & HTML | RESO | Assertion failure: this != pres | --- | --- | --- | [post-critsmash-triage] | assertion, csectype-uaf, regression, sec-high, testcase |
1530146 | Core | DOM: Core & HTML | RESO | Tab Crash - Viewing Facebook [@ js::Context | --- | --- | --- | [post-critsmash-triage] | crash, crashreportid, regression, sec-high, topcrash |
1521214 | Core | Audio/Video | RESO | Update Buffer | --- | --- | --- | [post-critsmash-triage][adv-main66+][adv-esr60.6+] | csectype-bounds, sec-high |
1614971 | Core | Audio/Video: cubeb | RESO | Fix heap-use-after-free errors found by Address | --- | --- | --- | [post-critsmash-triage][adv-main74+][adv-esr68.6+] | csectype-uaf, sec-high |
1620488 | Core | Audio/Video: cubeb | RESO | Switching device in a row can lead to a UAF | --- | --- | --- | [post-critsmash-triage][adv-main76+r] | csectype-uaf, sec-high |
1622291 | Core | Audio/Video: cubeb | RESO | UAF when destroying cubeb context while device collection | --- | --- | --- | [post-critsmash-triage][adv-main76+r] | csectype-race, csectype-uaf, sec-high |
1256065 | Core | Audio/Video: GMP | RESO | crash in mozilla::GMPVideo | --- | --- | --- | [post-critsmash-triage][adv-main46+][adv-esr45.1+] | crash, csectype-uaf, regression, sec-critical, topcrash-win |
1664453 | Core | JavaScript: WebAssem | RESO | Hit MOZ | --- | --- | --- | | assertion, crash, regression, sec-high, testcase |
1776655 | Core | DOM: Device Interfac | RESO | Crash in [@ (anonymous namespace)::Darwin | --- | --- | --- | [post-critsmash-triage][adv-main105+r][adv-esr102.3+r] | crash, csectype-uaf, sec-high |
1571223 | Core | DOM: Content Process | RESO | heap-use-after-free in [@ mozilla::dom::Content | --- | --- | --- | [post-critsmash-triage][adv-main70+][adv-main70+r][adv-esr68.2+][adv-esr68.2+r] | crash, csectype-uaf, sec-high, testcase-wanted |
1580288 | Core | Networking: HTTP | RESO | Crash [@ Length] through [@ mozilla::net::ns | --- | --- | --- | [adv-main71+r][necko-triaged][post-critsmash-triage][adv-esr68.3+r] | crash, csectype-race, sec-high, testcase |
1604851 | Core | Networking | RESO | Assertion failure: Is | --- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main73+r] [adv-esr68.5+r] | crash, csectype-race, sec-high |
1339259 | Core | Widget: Win32 | RESO | Crash in mozilla::widget::Audio | --- | --- | --- | tpi:+, win7only[tbird crash][adv-main57+][adv-esr52.5+][post-critsmash-triage] | crash, csectype-uaf, sec-high |
1449388 | Core | Security: Process Sa | RESO | Crash in CLocked | --- | --- | --- | [post-critsmash-triage] | crash, csectype-wildptr, regression, sec-high |
1402014 | Core | Networking: HTTP | RESO | Crash in mozilla::net::Http2Session::Flush | --- | --- | --- | [necko-triaged][sec-survey] | crash, csectype-uaf, regression, sec-high |
1515459 | Core | Networking: HTTP | RESO | Crash in mozilla::net::TLSFilter | --- | --- | --- | [necko-triaged][post-cristsmash-triage] | crash, csectype-uaf, regression, sec-high |
1520483 | Core | Networking: HTTP | RESO | Crash in mozilla::net::ns | --- | --- | --- | [necko-triaged][post-cristsmash-triage][adv-main66+] | crash, csectype-uaf, regression, sec-high |
1618158 | Core | Networking | RESO | PHC Crash in [@ neqo | --- | --- | --- | [necko-triaged] [post-critsmash-triage] disabled on beta/release | crash, csectype-race, regression, sec-high |
1767590 | NSS | Libraries | RESO | Uninitialized variable leads to invalid/arbitrary memory ... | --- | --- | --- | [adv-main101+][adv-esr91.10+][post-critsmash-triage] | csectype-uninitialized, sec-high |
1770337 | Core | Security: PSM | RESO | Upgrade Firefox 101 to use NSS 3 | --- | --- | --- | [post-critsmash-triage][adv-main101-] | sec-high |
1368652 | Core | Security: PSM | RESO | Get | --- | --- | --- | [psm-assigned][adv-main55+][adv-esr52.3+][post-critsmash-triage] | crash, regression, sec-high |
1368870 | Core | Security | RESO | the changes made by the bugs tracked by bug 1197205 may h | --- | --- | --- | [adv-main57-][post-critsmash-triage] | csectype-bounds, meta, sec-audit, sec-critical |
1369561 | Core | Security | RESO | misc potentially unsafe snprintf and related calls | --- | --- | --- | [adv-main57+][adv-esr52.5+][post-critsmash-triage] | csectype-bounds, sec-high |
1411458 | Core | Security: PSM | RESO | type confusion in Verify | --- | --- | --- | [psm-assigned][adv-main57+][adv-esr52.5+][post-critsmash-triage] | sec-critical |
1483905 | Core | DOM: Device Interfac | RESO | Address | --- | --- | --- | [webauthn][adv-main63+][adv-esr60.3+] | crash, csectype-uaf, sec-high, testcase |
1598605 | Core | Security: PSM | RESO | Address | --- | --- | --- | [psm-assigned][post-critsmash-triage][adv-main72+r][adv-esr68.4+r] | crash, csectype-bounds, regression, sec-high |
1620972 | Core | Security: PSM | RESO | Crash in [@ mozilla::psm::Transport | --- | --- | --- | [psm-assigned][post-critsmash-triage][adv-main77+r] | crash, csectype-uaf, regression, sec-high |
1834862 | Core | Security: PSM | RESO | Use-after-free crash in [@ HASH | --- | --- | --- | [psm-assigned][adv-main115+r][adv-esr102.13+r] | crash, csectype-uaf, sec-high |
1314667 | Core | WebRTC: Audio/Video | RESO | Adding too many Simulcast | --- | --- | --- | [adv-main50+] | csectype-bounds, regression, sec-critical |
1368030 | Core | WebRTC: Audio/Video | RESO | Intermittent dom/media/tests/mochitest/test | --- | --- | --- | [adv-main55+][adv-esr52.3+][post-critsmash-triage] | csectype-uaf, intermittent-failure, sec-high |
1414829 | Core | WebRTC: Audio/Video | RESO | Intermittent | --- | --- | --- | [adv-main61+][adv-esr60.1+][post-critsmash-triage] | csectype-uaf, sec-high |
1417797 | Core | WebRTC: Audio/Video | RESO | UAF in H264 decoder shutdown in VCMDecoded | --- | --- | --- | [adv-main58+][adv-esr52.6+][post-critsmash-triage] | crash, csectype-uaf, sec-high |
1458048 | Core | WebRTC: Networking | RESO | Likely write beyond bounds in sctp | --- | --- | --- | [adv-main61+][adv-esr60.1+][adv-esr52.9+] | csectype-bounds, sec-high |
1480092 | Core | WebRTC: Audio/Video | RESO | Web | --- | --- | --- | [post-critsmash-triage][adv-main62+][adv-esr60.2+] | csectype-uaf, sec-high |
1506500 | Core | WebRTC | RESO | Intermittent SUMMARY: Address | --- | --- | --- | [post-critsmash-triage] | csectype-uaf, intermittent-failure, regression, sec-high |
1611938 | Core | WebRTC: Audio/Video | RESO | UAF in webrtc::Video | --- | --- | --- | [post-critsmash-triage][adv-main76+r] | crash, csectype-uaf, intermittent-failure, regression, sec-high |
1666570 | Core | WebRTC: Networking | RESO | Cherrypick use-after-free fix from upstream usrsctp | --- | --- | --- | [sec-survey][adv-main82+][adv-esr78.4+] | csectype-uaf, sec-high |
1211389 | Core | WebRTC: Networking | RESO | Crash in nr | --- | --- | --- | | crash, sec-high |
1218326 | Core | WebRTC | RESO | UAF due to Data | --- | --- | --- | [adv-main43+][adv-esr38.5+] | csectype-uaf, regression, sec-critical |
1280443 | Core | WebRTC: Networking | RESO | Crash in nr | --- | --- | --- | [adv-main48+] | csectype-race, csectype-uaf, sec-critical |
1293347 | Core | Networking | RESO | UAF in sctp | --- | --- | --- | [adv-main49+][adv-esr45.4+] | csectype-uaf, sec-high |
1406154 | Core | WebRTC: Networking | RESO | Stack buffer overflow in nr | --- | --- | --- | [adv-main57-][post-critsmash-triage] | crash, csectype-bounds, sec-critical |
1419325 | Core | WebRTC: Audio/Video | RESO | SUMMARY: Address | --- | --- | --- | | csectype-uaf, sec-high |
1493689 | Core | WebRTC: Networking | RESO | SUMMARY: Address | --- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, sec-high, testcase |
1550133 | Core | WebRTC | RESO | Intermittent /webrtc/<randomtest> \| application crashed [... | --- | --- | --- | [sec-survey][post-critsmash-triage][adv-main79+r][adv-ESR78.1+r][adv-esr68.11+r] | crash, csectype-uaf, csectype-wildptr, intermittent-failure, regression, sec-high |
1551836 | Core | WebRTC | RESO | heap-use-after-free and assertion with RTCPeer | --- | --- | --- | [post-critsmash-triage] | csectype-uaf, regression, sec-high |
1592078 | Core | WebRTC: Signaling | RESO | Potential reentrancy UAFs with Peer | --- | --- | --- | [fixed in bug 1591199][post-critsmash-triage][adv-main74+r][adv-esr68.6+r] | csectype-uaf, sec-high |
1624405 | Core | WebRTC: Networking | RESO | Crash in [@ nr | --- | --- | --- | fix in bug 1634145[sec-survey] | crash, csectype-uaf, sec-high |
1642792 | Core | WebRTC: Networking | RESO | Web | --- | --- | --- | [disclosure date 2020-Jul-28][sec-survey][post-critsmash-triage][reporter is Natalie Silvanovich of Google Project Zero][adv-main79+][adv-ESR78.1+][adv-esr68.11+] | sec-high |
1643437 | Core | WebRTC: Networking | RESO | Crash in [@ nr | --- | --- | --- | [adv-main78+r][adv-esr68.10+r][sec-survey] | crash, csectype-uaf, sec-high |
1657739 | Core | WebRTC: Audio/Video | RESO | Thread | --- | --- | --- | [sec-survey][adv-main83+r][adv-esr78.5+r] | csectype-race, sec-high |
1671923 | Core | WebRTC: Audio/Video | RESO | Thread | --- | --- | --- | [sec-survey][adv-main83+r][adv-esr78.5+r] | sec-high |
1804626 | Core | JavaScript Engine: J | RESO | Assertion failure: [barrier verifier] Unmarked edge: JS O | --- | --- | --- | [bugmon:update,bisected,confirmed][post-critsmash-triage][adv-main109+r] | assertion, crash, csectype-uaf, regression, sec-high, testcase |
1372383 | Core | WebRTC: Signaling | RESO | [Libfuzzer] Heap-buffer-overflow in sdp | --- | --- | --- | [post-critsmash-triage][adv-main55-][adv-esr52.3-] don't disclose until upstream agrees to disclose | csectype-bounds, sec-high |
1372467 | Core | WebRTC: Signaling | RESO | [Libfuzzer] Heap-buffer-overflow in sdp | --- | --- | --- | [post-critsmash-triage][adv-main55-][adv-esr52.3-] don't disclose until upstream agrees to disclose | csectype-bounds, sec-high |
1384801 | Core | WebRTC: Signaling | RESO | [Lib | --- | --- | --- | [adv-main56-][adv-esr52.4-][post-critsmash-triage] don't disclose until upstream agrees to disclose | crash, csectype-bounds, sec-high, testcase |
1424342 | Core | WebRTC | RESO | Web | --- | --- | --- | | regression, sec-high |
1426988 | Core | WebRTC: Audio/Video | RESO | UAF crash in libvpx 1 | --- | --- | --- | [post-critsmash-triage][adv-main59+][adv-esr52.7+] | crash, csectype-uaf, sec-high |
1464063 | Core | WebRTC: Signaling | RESO | [Lib | --- | --- | --- | [adv-main61+][adv-esr52.9+][adv-esr60.1+][post-critsmash-triage] | crash, csectype-bounds, sec-high, testcase |
1467938 | Core | WebRTC: Networking | RESO | VP9 Missing Frame Processing Out-of-Bounds Memory Access | --- | --- | --- | [adv-main61+][adv-esr60.1+][post-critsmash-triage] | csectype-bounds, sec-high |
1477253 | Core | Audio/Video: Playbac | RESO | AV1 decoder is turned on by default ! | --- | --- | --- | [post-critsmash-triage] | regression, sec-high |
1677590 | Core | WebRTC: Signaling | RESO | stack-buffer-overflow in [@ sdp | --- | --- | --- | [disclosure 2021-02-15][adv-main85+r][adv-esr78.7+r][sec-survey] | oss-fuzz, sec-high |
1683964 | Core | WebRTC: Networking | RESO | Use-after-free write when handling malicious COOKIE-ECHO | --- | --- | --- | [sec-survey] | csectype-uaf, sec-critical |
1856716 | Core | Panning and Zooming | RESO | Crash in [@ mozilla::layers::Active | --- | --- | --- | | crash, csectype-uaf, regression, sec-high, topcrash |
1578671 | Core | DOM: Core & HTML | RESO | heap-use-after-free in mozilla::Identifier | --- | --- | --- | [post-critsmash-triage] | csectype-uaf, regression, sec-high |
1546331 | Core | DOM: Workers | RESO | Web Workers - Use After Free in Register | --- | --- | --- | [adv-main71+][adv-esr68.3+] | csectype-uaf, sec-high |
1616079 | Core | DOM: Workers | RESO | Crash in [@ Rtl | --- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, regression, sec-high |
1631618 | Core | DOM: Service Workers | RESO | [TALOS-2020-1053] use-after-free in Shared | --- | --- | --- | [post-critsmash-triage][adv-main77+][adv-esr68.9+][sec-survey] | crash, csectype-uaf, sec-high, testcase |
1840273 | Core | Graphics: WebGPU | RESO | Web | --- | --- | --- | [fixed in wgpu#3936][reporter-external] [client-bounty-form] [verif?] | csectype-sandbox-escape, sec-high |
1330739 | Core | Disability Access AP | RESO | crash near null and potential UAF [@mozilla::a11y::Doc | --- | --- | --- | [fuzzblocker][adv-main55+][post-critsmash-triage] | crash, csectype-uaf, regression, sec-critical, testcase |
1387918 | Core | Disability Access AP | RESO | heap-use-after-free in [@ mozilla::a11y::Doc | --- | --- | --- | [adv-main56+][adv-esr52.4+][post-critsmash-triage] | crash, csectype-uaf, regressionwindow-wanted, sec-high, testcase |
1410808 | Core | CSS Parsing and Comp | RESO | stylo: heap-use-after-free in mozilla::css::Rule::cycle | --- | --- | --- | | csectype-uaf, regression, sec-high |
1535612 | Core | CSS Parsing and Comp | RESO | SUMMARY: Address | --- | --- | --- | [adv-main67+][adv-esr60.7+] | crash, csectype-uaf, sec-high, testcase |
1442010 | Toolkit | UI Widgets | RESO | Crash in ns | --- | --- | --- | [post-critsmash-triage][adv-main63+][adv-esr60.3+] | crash, csectype-uaf, sec-high |
1312294 | Firefox for iOS | Browser | RESO | IDN implementation in Firefox for i | --- | --- | --- | [mobileCore] | csectype-spoof, sec-high, testcase |
1497242 | Firefox for iOS | General | RESO | Continuously revealing of Cross-Origin URL (history navig | --- | --- | --- | [fixed by Apple] | csectype-sop, sec-high, sec-vector |
1557763 | Focus | Security: iOS | RESO | Address bar and SSL spoofing issue in Firefox focus for i | --- | --- | --- | | csectype-spoof, sec-high |
1586176 | NSS | Libraries | RESO | Out-of-bounds write when passing an output buffer smaller | --- | --- | --- | [adv-main71+][adv-esr68.3+] | csectype-bounds, sec-high |
1377959 | Core | WebRTC | RESO | jvm | --- | --- | --- | [adv-main55-][post-critsmash-triage] | csectype-other, sec-high |
1186715 | Core | Audio/Video: Playbac | RESO | Stagefright: heap-buffer-overflow crash [@stagefright::Sa | --- | --- | --- | | crash, csectype-bounds, sec-high |
1277614 | Core | IPC | RESO | Crash in mozilla::dom::PBlob | --- | --- | --- | [adv-main48-] btpp-active, e10s-only | crash, csectype-uaf, sec-high |
1186657 | Core | WebRTC: Audio/Video | RESO | Crash (UAF) in Video | --- | --- | --- | [adv-main41+] | crash, csectype-uaf, sec-high |
1189058 | Core | WebRTC: Audio/Video | RESO | unresponsive g | --- | --- | --- | | sec-high |
1247236 | Core | WebRTC: Audio/Video | RESO | UAF in Cameras Shutdown on channel errors | --- | --- | --- | [adv-main45+][post-critsmash-triage] | csectype-uaf, sec-high |
1542581 | Toolkit | Crash Reporting | RESO | Race condition in google | --- | --- | --- | [reporter-external] [client-bounty-form] [verif?][adv-main67+][adv-esr60.7+] | csectype-race, csectype-sandbox-escape, regression, sec-high |
1443748 | Core | IPC | RESO | Crash in mozilla::ipc::IPDLParam | --- | --- | --- | [post-critsmash-triage][adv-main63+][adv-esr60.3+] | crash, csectype-uaf, regression, sec-high |
1322291 | Core | DOM: Animation | RESO | SEGV on unknown address [@ fetch | --- | --- | --- | [post-critsmash-triage] | crash, csectype-wildptr, sec-high, testcase |
1607536 | Core | DOM: Animation | RESO | Crash in [@ core::ptr::real | --- | --- | --- | | crash, csectype-uaf, sec-high |
1540759 | Core | Networking: HTTP | RESO | Address | --- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main68+][adv-esr60.8+] | crash, csectype-race, regression, sec-high |
1548822 | Core | Networking: HTTP | RESO | Address | --- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main68+][adv-esr60.8+] | crash, csectype-uaf, regression, sec-high |
1550498 | Core | Networking: HTTP | RESO | Clone connection info object with unprotected m | --- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main68+][adv-esr60.8+] | crash, csectype-uaf, sec-high |
1561912 | Core | Networking: File | RESO | Crash in [@ mozilla::File | --- | --- | --- | [geckoview:fenix:m8] [bcs:p1][necko-triaged] [fennec68.1][adv-main69+][adv-esr68.1+][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high |
1575217 | Core | Networking: WebSocke | RESO | Address | --- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main70+][adv-main70+r][adv-esr68.2+][adv-esr68.2+r] | crash, regression, sec-high, testcase |
1425520 | Core | DOM: Serializers | RESO | Crash in ns | --- | --- | --- | [safe crash on 58 and later][adv-main59+][adv-esr52.7+] | crash, regression, sec-high, testcase-wanted |
1562033 | Core | DOM: HTML Parser | RESO | title | --- | --- | --- | [reporter-external] [client-bounty-form] [verif?][post-critsmash-triage][adv-main69+][adv-esr68.1+][adv-esr60.9+], [wptsync upstream] | regression, sec-high |
1639590 | Core | JavaScript Engine | RESO | Fix Get | --- | --- | --- | [adv-main77+][adv-esr68.9+][post-critsmash-triage][sec-survey] | regression, sec-high |
1729269 | Core | JavaScript Engine: J | RESO | Assertion failure: return | --- | --- | --- | [bugmon:update,bisect][sec-survey] | crash, regression, sec-high, testcase |
1810711 | Core | JavaScript Engine | RESO | Assertion failure: Is | --- | --- | --- | [adv-main110+][adv-esr102.8+] | csectype-uaf, sec-high |
1814899 | Core | JavaScript Engine: J | RESO | MOZ | --- | --- | --- | [adv-main111+][adv-esr102.9+] | csectype-bounds, sec-high |
1851599 | Core | JavaScript Engine | RESO | Assertion failure: baseline | --- | --- | --- | [adv-main118+][adv-esr115.3+] | regression, sec-high |
1648964 | Testing | geckodriver | RESO | CSRF to RCE in geckodriver | --- | --- | --- | [reporter-external] [client-bounty-form] [post-critsmash-triage][adv-main80-][adv-esr78.2-] | sec-high |
1508776 | NSS | Libraries | RESO | UAF in sftk | --- | --- | --- | [post-critsmash-triage][adv-main71+] | crash, csectype-uaf, csectype-wildptr, sec-high |
1558548 | Core | Security: PSM | RESO | Upgrade Firefox 60 ESR to use NSS 3 | --- | --- | --- | [post-critsmash-triage] | csectype-other, sec-high |
1558549 | Core | Security: PSM | RESO | Upgrade Firefox 68 to use NSS 3 | --- | --- | --- | [post-critsmash-triage] | csectype-other, sec-high |
1324773 | Core | JavaScript Engine | RESO | Crash [@ js::gc::Is | --- | --- | --- | [jsbugmon:][post-critsmash-triage] | assertion, bugmon, crash, regression, sec-high, testcase |
1400003 | Core | JavaScript: GC | RESO | ns | --- | --- | --- | [adv-main57+][adv-esr52.5+][post-critsmash-triage] | csectype-uaf, sec-high |
1446811 | Core | JavaScript Engine | RESO | Crash in js::gc::Store | --- | --- | --- | | crash, sec-high |
1500759 | Core | DOM: Security | RESO | Address | --- | --- | --- | [domsecurity-active][post-critsmash-triage][adv-main64+][adv-esr60.4+] | crash, regression, sec-high |
1504816 | Core | DOM: Core & HTML | RESO | Buffer source patches from 1475228 may have introduced a ... | --- | --- | --- | [post-critsmash-triage][adv-main64+] | csectype-uaf, regression, sec-high |
1506640 | Core | JavaScript Engine | RESO | Assertion failure: found() running jit-test basic/bug9089 | --- | --- | --- | [adv-main64+][adv-esr60.4+] | assertion, csectype-uaf, sec-high |
1510145 | Core | JavaScript Engine | RESO | Assertion failure: arena->buffered | --- | --- | --- | [jsbugmon:][post-critsmash-triage][adv-main65+] | assertion, bugmon, regression, sec-high, testcase |
1518001 | Core | JavaScript: GC | RESO | Assertion failure: current | --- | --- | --- | [post-critsmash-triage][adv-main66+][adv-esr60.6+] | assertion, reproducible, sec-high |
1555936 | Core | JavaScript: GC | RESO | Crash in [@ js::Atoms | --- | --- | --- | | crash, csectype-wildptr, regression, sec-high |
1647325 | Core | JavaScript: GC | RESO | Crash [@ js::Mutex::owned | --- | --- | --- | [sec-survey][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high, testcase |
1714066 | Core | JavaScript: GC | RESO | Assertion failure: linear | --- | --- | --- | [bugmon:update,bisect,confirmed][fuzzblocker][sec-survey][adv-main90+r] | assertion, regression, sec-high, testcase |
1756567 | Core | JavaScript: GC | RESO | Use a Weak | --- | --- | --- | [sec-survey] | regression, sec-high |
1791975 | Core | JavaScript Engine | RESO | Segfault in js::gc::Is | --- | --- | --- | [post-critsmash-triage][adv-main107+][adv-esr102.5+] | csectype-uaf, sec-high |
1796901 | Core | JavaScript: GC | RESO | Assertion failure: zone | --- | --- | --- | [post-critsmash-triage][adv-esr102.5+] | csectype-uaf, regression, sec-high, testcase |
1820543 | Core | JavaScript: GC | RESO | Assertion failure: this->flags() == 0, at gc/Cell | --- | --- | --- | [adv-main112+][adv-esr102.10+] | csectype-uaf, regression, sec-high |
1835886 | Core | JavaScript Engine | RESO | Reproducible Tab Crash while doing module load in iframe | --- | --- | --- | [adv-main115+r][adv-esr102.13+r] | csectype-wildptr, regression, sec-high |
1845248 | Core | JavaScript: GC | RESO | Crash in js::gc::detail::Cell | --- | --- | --- | | csectype-uaf, regression, sec-high |
1847397 | Core | JavaScript: GC | RESO | Assertion failure: kind == JS::Tracer | --- | --- | --- | [fixed in 118 by bug 1847017] [adv-main117+] [adv-esr115.2+] | csectype-uaf, pernosco, regression, sec-high, testcase |
1315856 | Core | JavaScript Engine: J | RESO | Assertion failure: (ptr | --- | --- | --- | [jsbugmon:][post-critsmash-triage] | assertion, bugmon, crash, regression, sec-critical, testcase |
1346140 | Core | JavaScript Engine | RESO | Use-after-free when creating dependent strings with an ex | --- | --- | --- | [adv-main53+][adv-esr52.1+] | csectype-uaf, regression, sec-critical |
1404636 | Core | JavaScript Engine: J | RESO | Differential Testing: Different output message involving ... | --- | --- | --- | [adv-main57+][adv-esr52.5+][post-critsmash-triage] | sec-high, testcase |
1408412 | Core | JavaScript Engine: J | RESO | Max number of actual arguments is not checked everywhere | --- | --- | --- | [adv-main57+][adv-esr52.5+] | sec-critical |
1412420 | Core | JavaScript Engine | RESO | Crash [@ js::Type | --- | --- | --- | [jsbugmon:][adv-main58+][adv-esr52.6+][post-critsmash-triage] | bugmon, crash, regression, sec-high, testcase |
1415883 | Core | JavaScript Engine | RESO | Heap-buffer-overflow READ 8 with async generators | --- | --- | --- | [adv-main58+][post-critsmash-triage] | csectype-bounds, oss-fuzz, sec-high |
1444668 | Core | JavaScript Engine: J | RESO | Write beyond bounds caused by overlarge offset in WASM as | --- | --- | --- | [adv-main60+][adv-esr52.8+] | csectype-bounds, csectype-intoverflow, sec-high |
1544386 | Core | JavaScript Engine: J | RESO | Spidermonkey: Ion | --- | --- | --- | | csectype-jit, sec-critical |
1546327 | Core | JavaScript Engine | RESO | Bytecode length can overflow UINT32 | --- | --- | --- | [adv-main67+][adv-esr60.7+] | csectype-intoverflow, sec-high |
1592524 | Core | JavaScript Engine | RESO | Assertion failure: mir->resume | --- | --- | --- | [jsbugmon:update][post-critsmash-triage] | assertion, bugmon, regression, sec-high, testcase |
1603055 | Core | XPConnect | RESO | Big | --- | --- | --- | [reporter-external] [client-bounty-form] [verif?][adv-main72+][adv-esr68.4+][sec-survey] | csectype-undefined, regression, sec-high |
1608256 | Core | JavaScript Engine | RESO | Assertion failure: start | --- | --- | --- | [jsbugmon:bisect][post-critsmash-triage][sec-survey][adv-main74+r][adv-esr68.6+r] | assertion, bugmon, csectype-bounds, regression, sec-high, testcase |
1608994 | Core | JavaScript Engine | RESO | Assertion failure: Load | --- | --- | --- | [Nightly only] [jsbugmon:bisect][post-critsmash-triage][sec-survey] | assertion, bugmon, crash, csectype-jit, regression, sec-high, testcase |
1640737 | Core | JavaScript Engine: J | RESO | Assertion failure: Load | --- | --- | --- | [post-critsmash-triage][sec-survey][adv-main78+][adv-esr68.10+] | sec-high |
1667685 | Core | JavaScript Engine | RESO | [warp] Assertion failure: !ic | --- | --- | --- | [sec-survey][post-critsmash-triage][adv-main83+] | regression, sec-high, testcase |
1720031 | Core | JavaScript Engine: J | RESO | Assertion failure: !Is | --- | --- | --- | [sec-survey][adv-main91+][adv-esr78.13+] | csectype-uaf, sec-high |
1808352 | Core | JavaScript Engine: J | RESO | Crash in [@ mozilla::dom::Element::Class | --- | --- | --- | [adv-main111+r][adv-esr102.9+r] | crash, csectype-jit, sec-high, topcrash |
1819486 | Core | JavaScript Engine: J | RESO | Crash [@ js::jit::Call | --- | --- | --- | [bugmon:update,bisected,confirmed][post-critsmash-triage][adv-main112+r] | assertion, crash, regression, sec-high, testcase |
1820602 | Core | JavaScript Engine: J | RESO | Remaining crashes on JS | --- | --- | --- | [post-critsmash-triage][adv-main112+r][adv-esr102.10+r] | csectype-jit, sec-high |
1827073 | Core | JavaScript Engine: J | RESO | Assertion failure: m | --- | --- | --- | [adv-main113-] | csectype-bounds, regression, sec-high |
1841682 | Core | JavaScript: GC | RESO | Assertion failure: this->flags() == 0, at gc/Cell | --- | --- | --- | [bugmon:update,bisected,confirmed][adv-main116+r][adv-ESR115.1+r] | assertion, csectype-uaf, regression, sec-high, testcase |
1422931 | Core | DOM: Core & HTML | RESO | Address | --- | --- | --- | | csectype-bounds, sec-high |
1842674 | Core | Graphics: Text | RESO | Potential Double-Free race in gfx | --- | --- | --- | [adv-main118+r][adv-esr115.3+r] | csectype-race, regression, sec-high |
1292534 | Core | Graphics: CanvasWebG | RESO | flex: buffer overflow in generated code | --- | --- | --- | [gfx-noted][adv-main53+][adv-esr52.1+][adv-esr45.9+] | csectype-intoverflow, sec-high |
1333858 | Core | Graphics: CanvasWebG | RESO | SEGV in Address | --- | --- | --- | gfx-noted [adv-main53+][adv-esr45.9+][adv-esr52.1+] | csectype-bounds, sec-critical, testcase |
1394265 | Core | Graphics: CanvasWebG | RESO | Crash in OOM | large | NS | --- | --- | --- | [gfx-noted][adv-main57+][adv-esr52.5+][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high |
1402372 | Core | Graphics: CanvasWebG | RESO | heap buffer overflow in Vertex | --- | --- | --- | [gfx-noted][adv-main57+][adv-esr52.5.1+] | crash, csectype-bounds, regression, sec-critical, testcase |
1434400 | Core | Graphics: CanvasWebG | RESO | using Web | --- | --- | --- | [CVE-2018-10229][disclose 1442504 in advisory for release when this is public] gfx-noted | sec-high |
1442504 | Core | Graphics: CanvasWebG | RESO | Disable disjoint timer queries to prevent use as a high-p | --- | --- | --- | [embargo until 1434400 is fixed][adv-main59-][adv-esr52.7-] gfx-noted | sec-high |
1507696 | Core | Graphics: CanvasWebG | RESO | ANGLE crash in copy | --- | --- | --- | gfx-noted[post-critsmash-triage][adv-main68+] | csectype-uaf, regression, sec-high |
1527534 | Core | Graphics | RESO | On Android, Gecko always tries to load a library from an ... | --- | --- | --- | gfx-noted[post-critsmash-triage][adv-main66+] | csectype-priv-escalation, sec-high |
1550655 | Core | Graphics: CanvasWebG | RESO | Cherry-pick fixes to angle-66 | --- | --- | --- | [post-critsmash-triage] | regression, sec-high |
1608330 | Core | Graphics: CanvasWebG | RESO | Address | --- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, regression, sec-high, testcase |
1654211 | Core | Graphics | RESO | Address | --- | --- | --- | [sec-survey][post-critsmash-triage][adv-main81+] | crash, csectype-uaf, regression, sec-high |
1663466 | Core | Graphics: CanvasWebG | RESO | Heap Overflow in web | --- | --- | --- | [sec-survey][adv-main84+][adv-esr78.6+] | csectype-bounds, sec-high |
1664257 | Core | Graphics: WebRender | RESO | Crash in [@ mozilla::Weak | --- | --- | --- | [post-critsmash-triage][sec-survey][adv-main82+r] | crash, csectype-uaf, regression, sec-high |
1743767 | Core | Graphics: CanvasWebG | RESO | heap-buffer-overflow in mozilla::gl::GLContext::raw | --- | --- | --- | [post-critsmash-triage][adv-main101+][adv-esr91.10+] | csectype-bounds, sec-high |
1755806 | Core | Graphics: CanvasWebG | RESO | webgl heap overflow (raw | --- | --- | --- | [fixed by bug 1779800 in Fx106][post-critsmash-triage] | csectype-bounds, sec-high, sec-vector |
1770930 | Core | Graphics | RESO | Address | --- | --- | --- | [fixed by bug 1779800][adv-esr102.6+] | crash, csectype-bounds, regression, sec-high |
1550955 | Core | WebRTC: Audio/Video | RESO | Crash in [@ mozilla::Source | --- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, regression, sec-high |
1773396 | Core | Graphics: WebGPU | RESO | stack-use-after-scope in [@ smallvec::Small | --- | --- | --- | [bugmon:bisected,confirmed][fuzzblocker] [post-critsmash-triage] | crash, csectype-wildptr, regression, sec-high, testcase |
1800172 | Core | Graphics: WebGPU | RESO | stack-use-after-scope [@ wgpu | --- | --- | --- | [fuzzblocker][bugmon:bisected,confirmed][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high, testcase |
1741201 | Core | Storage: IndexedDB | RESO | Out-of-bounds write due to integer overflow [@ Object | --- | --- | --- | [sec-survey][adv-main96+r][adv-ESR91.5+r] | csectype-intoverflow, csectype-sandbox-escape, regression, sec-high |
1744165 | Core | Storage: localStorag | RESO | Intermittent browser/components/preferences/tests/site | --- | --- | --- | [post-critsmash-triage][adv-main97+r][sec-survey][adv-esr91.6+r] | crash, csectype-uaf, intermittent-failure, sec-high |
1516325 | Core | Networking | RESO | Crash in poll | --- | --- | --- | [necko-triaged][adv-main67+][adv-esr60.7+] | crash, csectype-bounds, sec-high, testcase-wanted |
1565744 | Core | IPC | RESO | Mem | --- | --- | --- | [adv-main69+][adv-esr68.1+][post-critsmash-triage] | csectype-priv-escalation, sec-high |
1760611 | NSPR | NSPR | RESO | Address | --- | --- | --- | [necko-triaged][adv-main104+r][adv-esr102.2+r] [post-critsmash-triage] | csectype-bounds, sec-high, testcase-wanted |
1762078 | Core | DOM: Service Workers | RESO | Service | --- | --- | --- | [post-critsmash-triage][adv-main107+][adv-esr102.5+] | csectype-sop, sec-high |
1596826 | Core | Widget: Cocoa | RESO | Crash in [@ -[NSView build | --- | --- | --- | | crash, csectype-uaf, intermittent-failure, regression, sec-high |
1395138 | Core | Graphics: Layers | RESO | Crash in mozilla::layers::Render | --- | --- | --- | [gfx-noted][adv-main57+][adv-esr52.5+][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high, topcrash |
1469472 | Core | Web Painting | RESO | heap-buffer-overflow in [@ mozilla::Frame | --- | --- | --- | | crash, csectype-bounds, regression, sec-high, testcase |
1848890 | Core | Graphics: Canvas2D | RESO | Crash in [@ mozilla::fontlist::Font | --- | --- | --- | [adv-main118+r][adv-esr115.3+r] | crash, csectype-race, csectype-uaf, sec-high, topcrash |
1662507 | Core | WebRTC: Audio/Video | RESO | Racy access to Webrtc | --- | --- | --- | [sec-survey][adv-main85+r][adv-esr78.7+r] | csectype-race, sec-high |
1330769 | Core | JavaScript Engine | RESO | ASLR leak via pointer scrambling in Shape | --- | --- | --- | [adv-main51+][adv-esr45.7+] Disclosure date ~Jan 21 2017 (note Fx51 scheduled for Jan 24) | csectype-disclosure, csectype-sop, sec-high |
1384615 | Core | JavaScript Engine | RESO | Assertion failure: !wcompartment->lookup | --- | --- | --- | [fixed by bug 1404107][adv-main57+][post-critsmash-triage] | assertion, sec-high, testcase |
1403716 | Core | JavaScript Engine | RESO | Fix the underlying issues that make the patch for bug 135 | --- | --- | --- | [adv-main57+][post-critsmash-triage] Fixed by bug 1404107 | csectype-uaf, sec-high |
1425612 | Core | JavaScript Engine | RESO | Structured | --- | --- | --- | [adv-main58+][adv-esr52.6+][post-critsmash-triage] | crash, csectype-sandbox-escape, csectype-wildptr, sec-high, testcase |
1426783 | Core | JavaScript Engine | RESO | Address | --- | --- | --- | [jsbugmon:update,bisect][adv-main58+][adv-esr52.6+] | bugmon, crash, csectype-sandbox-escape, regression, sec-high, testcase |
1459932 | Core | JavaScript Engine | RESO | Crash in Name | --- | --- | --- | [#jsapi:crashes-retriage][adv-main67+] | crash, csectype-wildptr, regression, sec-high |
1547561 | Core | JavaScript Engine | RESO | Crash in [@ js::frontend::Rewriting | --- | --- | --- | | crash, csectype-wildptr, sec-high |
1679003 | Core | JavaScript Engine | RESO | Uninitialised memory read with Big | --- | --- | --- | [also affects WebKit and Chrome][sec-survey][adv-main84+][adv-esr78.6+] | csectype-uninitialized, regression, sec-critical |
1745667 | NSS | Libraries | RESO | Crash in [@ PR | --- | --- | --- | [sec-moderate for Firefox][will be fixed in bug 1370866][sec-survey] [post-critsmash-triage][adv-main99+][adv-esr91.8+] | crash, csectype-race, csectype-uaf, sec-high |
1753535 | NSS | Libraries | RESO | Address | --- | --- | --- | [post-critsmash-triage][sec-survey][adv-main100+r] | crash, csectype-uaf, regression, sec-high, testcase |
1756271 | NSS | Libraries | RESO | Crash in nss | --- | --- | --- | [nss-fx][post-critsmash-triage][adv-main99-][sec-survey][adv-esr91.8-] | crash, csectype-race, csectype-uaf, sec-high |
1798823 | NSS | Libraries | RESO | segmentation fault or buffer overflow when calling RSA | --- | --- | --- | [post-critsmash-triage][adv-main110-][adv-esr102.8-] | csectype-bounds, sec-high |
1576969 | Core | JavaScript: WebAssem | RESO | thread '<unnamed>' panicked at 'assertion failed: `(left ... | --- | --- | --- | [jsbugmon:][post-critsmash-triage] | assertion, bugmon, crash, regression, sec-high, testcase |
1673555 | Core | JavaScript: WebAssem | RESO | Hit MOZ | --- | --- | --- | [sec-survey][post-critsmash-triage][adv-main85+r] | assertion, crash, regression, sec-high, testcase |
1673589 | Core | JavaScript: WebAssem | RESO | Crash [@ ??] with SIGTRAP with Web | --- | --- | --- | [bugmon:update,bisect][sec-survey][adv-main84+r][adv-esr78.6+r] | crash, regression, sec-high, testcase |
1678582 | Core | JavaScript: WebAssem | RESO | Crash [@ ??] with Cranelift | --- | --- | --- | [fuzzblocker][sec-survey][adv-main85+r] | crash, regression, sec-high, testcase |
1741869 | Core | DOM: Workers | RESO | Address | --- | --- | --- | [keep hidden while 1748401 is][fixed by 1650214][bugmon:confirm][adv-main96+r][adv-ESR91.5+r][sec-survey][post-critsmash-triage] | csectype-uaf, sec-high, testcase |
1447156 | Core | Storage: IndexedDB | RESO | Crash in mozilla::dom::IDBFactory::Open | --- | --- | --- | | crash, csectype-uaf, regression, sec-high |
1489020 | Core | Storage: IndexedDB | RESO | Use after free in Indexed | --- | --- | --- | [reporter-external] [client-bounty-form] [verif?],DWS_NEXT | csectype-uaf, sec-high, testcase |
1499108 | Core | Storage: IndexedDB | RESO | Address | --- | --- | --- | [fixed by bug 1538619][adv-main67+][adv-esr60.7+] | crash, csectype-uaf, sec-high, testcase-wanted |
1499719 | Core | Storage: IndexedDB | RESO | Address | --- | --- | --- | [fixed by bug 1538619][adv-main67+][adv-esr60.7+] | crash, csectype-uaf, sec-high, testcase-wanted |
1538619 | Core | Storage: IndexedDB | RESO | Transaction | --- | --- | --- | [adv-main67+][adv-esr60.7+] | csectype-uaf, sec-high |
1506969 | Core | JavaScript Engine | RESO | Assertion failure: start | --- | --- | --- | [disclosure deadline Feb 12, 2019][post-critsmash-triage] | assertion, crash, csectype-bounds, oss-fuzz, sec-high, testcase |
1596706 | Core | JavaScript Engine | RESO | Assertion failure: chars | --- | --- | --- | [jsbugmon:update,bisect][post-critsmash-triage][adv-main73+r][adv-esr68.5+r] | assertion, bugmon, crash, csectype-bounds, regression, sec-high, testcase |
1602497 | Core | JavaScript: Internat | RESO | Intl | --- | --- | --- | [sec-survey][post-critsmash-triage] | csectype-intoverflow, sec-high |
1612308 | Core | DOM: Networking | RESO | Security: OOB access in js::Readable | --- | --- | --- | [disclosure date is 2020-04-29][post-critsmash-triage][adv-main74+][adv-esr68.6+], [wptsync upstream] | sec-high |
1660954 | Core | DOM: Core & HTML | RESO | Abort | --- | --- | --- | [sec-survey][adv-main82+r][post-critsmash-triage][adv-esr78.4+r] | sec-high |
1542097 | Core | Audio/Video: Playbac | RESO | heap-buffer-overflow in [@ mozilla::Audio | --- | --- | --- | [adv-main67+][adv-esr60.7+] | crash, csectype-bounds, sec-high, testcase |
1561484 | Core | Audio/Video: Playbac | RESO | Benchmark code doesn't keep Media | --- | --- | --- | [post-critsmash-triage][adv-main69+][adv-esr68.1+] | crash, csectype-uaf, sec-high, testcase |
1673240 | MailNews Core | Security: OpenPGP | RESO | RNP-01-014 WP1 Thunderbird: Key manipulation via uncertif | --- | --- | --- | [RNP][fixed-in-rnp][needs tb adjustments] | sec-high |
1689613 | Chat Core | Security: OTR | RESO | Update libgcrypt to 1 | --- | --- | --- | | sec-critical |
1738501 | MailNews Core | Security: S/MIME | RESO | Automatic S/MIME cert import should use additional verifi | --- | --- | --- | | sec-critical |
1319271 | Core | IPC | RESO | IDB - Use After Free in ipc::IPCResult::Fail | --- | --- | --- | | csectype-uaf, regression, sec-critical |
1223670 | Core | Audio/Video: MediaSt | RESO | "Assertion failure: cycle | --- | --- | --- | [adv-main44+][adv-esr38.6+][post-critsmash-triage] | assertion, csectype-uaf, regression, sec-critical, testcase |
1408276 | Core | Audio/Video: MediaSt | RESO | races with LIFECYCLE | --- | --- | --- | [adv-main58+][adv-esr52.6+][post-critsmash-triage] | crash, csectype-wildptr, sec-high |
1471953 | Core | Audio/Video: MediaSt | RESO | Address | --- | --- | --- | [post-critsmash-triage][adv-main62+][adv-esr60.2+] | csectype-uaf, sec-high, testcase-wanted |
1606148 | Core | Web Audio | RESO | addition of unsigned offset to 0xe4e4e4e4e4e4e4e4 overflo | --- | --- | --- | [post-critsmash-triage] | csectype-uninitialized, sec-high |
1430589 | Core | Web Painting | RESO | ASAN Stack-overflow on ns | --- | --- | --- | | csectype-uaf, regression, sec-high |
1544526 | Core | Networking: HTTP | RESO | IPC: heap-use-after-free crash [@mozilla::net::ns | --- | --- | --- | [necko-triaged][post-critsmash-triage] | crash, csectype-sandbox-escape, csectype-uaf, regression, sec-high, testcase |
1656697 | Core | Networking: HTTP | RESO | Thread | --- | --- | --- | [post-critsmash-triage][sec-survey][adv-main83+r][adv-esr78.5+r] | crash, csectype-uaf, sec-high, testcase |
1662676 | Core | Networking: Cache | RESO | Crash in [@ ns | --- | --- | --- | [sec-survey][post-critsmash-triage][adv-main91+r][adv-esr78.13+r] | crash, csectype-uaf, sec-high |
1667102 | Core | Networking: HTTP | RESO | Crash in [@ mozilla::net::Http2Stream::Transmit | --- | --- | --- | [necko-triaged][sec-survey][adv-main93+][adv-esr91.3+] | crash, sec-high, testcase-wanted |
1715029 | Core | Networking | RESO | Crash in [@ mozilla::net::ns | --- | --- | --- | [necko-triaged][sec-survey] | crash, csectype-uaf, regression, regressionwindow-wanted, sec-high |
1740274 | Core | Networking: HTTP | RESO | Crash in [@ mozilla::net::Http2Stream::Transmit | --- | --- | --- | [necko-triaged][sec-survey][adv-main96+r][adv-ESR91.5+r] | crash, csectype-uaf, sec-high, testcase-wanted |
1746543 | Core | Networking: HTTP | RESO | Use-after-free crash in [@ mozilla::net::Proxy | --- | --- | --- | [necko-triaged][sec-survey][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high |
1750688 | Core | Networking: WebSocke | RESO | Crash in [@ mozilla::net::Web | --- | --- | --- | [necko-triaged][sec-survey][post-critsmash-triage] | csectype-uaf, sec-high |
1794061 | Core | Networking: HTTP | RESO | Crash in [@ ns | --- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main107+r][adv-esr102.5+r] | crash, csectype-uaf, sec-high |
1806974 | Core | Networking: HTTP | RESO | Address | --- | --- | --- | [necko-triaged][necko-priority-queue][post-critsmash-triage][adv-main109+r][adv-esr102.7+r] | crash, csectype-uaf, sec-high, testcase |
1814947 | Core | Networking | RESO | UAF in Http3Web | --- | --- | --- | [necko-triaged][post-critsmash-triage] | csectype-uaf, pernosco, sec-high |
1848999 | Core | Networking: Cache | RESO | Poison crash in [@ mozilla::net::TLSTransport | --- | --- | --- | [necko-triaged] [necko-priority-queue] [adv-main117+r] [adv-esr115.2+r] | crash, csectype-uaf, regression, sec-high |
1577953 | NSS | Libraries | RESO | HKDF SHA1 stack buffer overflow (write) | --- | --- | --- | [reporter-external] [client-bounty-form] [verif?][adv-main70+][adv-esr68.2+][post-critsmash-triage] | crash, csectype-bounds, sec-high, testcase |
1631583 | NSS | Libraries | RESO | Side channel attack on ECDSA signature generation | --- | --- | --- | [sec-moderate in Firefox][disclosure date 2020-07-28][RedHat INC1266630][sec-survey][adv-main80+] | csectype-disclosure, sec-high |
1450688 | Core | XBL | RESO | Crash [@ JS::Get | --- | --- | --- | [needs followup patch with comment][adv-main61+][adv-esr52.9+][adv-esr60.1+][post-critsmash-triage] | crash, sec-high, testcase |
1516738 | Core | JavaScript: WebAssem | RESO | Assertion failure: size | --- | --- | --- | [jsbugmon:update][post-cristsmash-triage][adv-main65+][adv-esr60.5+] | assertion, bugmon, csectype-bounds, regression, sec-high, testcase |
1587050 | Core | JavaScript: WebAssem | RESO | table | --- | --- | --- | | sec-high |
1644550 | Core | JavaScript: WebAssem | RESO | Crash [@ ??] with SIGTRAP with Web | --- | --- | --- | [bugmon:update,bisect,confirmed][post-critsmash-triage][sec-survey] | crash, regression, sec-high, testcase |
1666140 | Core | JavaScript: WebAssem | RESO | Crash [@ ??] with Web | --- | --- | --- | [bugmon:update,bisected,confirmed][post-critsmash-triage][sec-survey][adv-main82+r][adv-esr78.4+r] | crash, regression, sec-high, testcase |
1675844 | Core | JavaScript: WebAssem | RESO | Assertion failure: m | --- | --- | --- | [adv-main85+r][adv-esr78.7+r][sec-survey] | assertion, csectype-bounds, regression, sec-high, testcase |
1707774 | Core | JavaScript Engine: J | RESO | Live range splitting can lead to conflicting assignments ... | --- | --- | --- | [sec-survey][post-critsmash-triage][adv-main91+] | csectype-bounds, regression, sec-high, testcase |
1710312 | Core | JavaScript Engine: J | RESO | Address | --- | --- | --- | [fuzzblocker][post-critsmash-triage][sec-survey] | regression, sec-high, testcase |
1713108 | Core | JavaScript: WebAssem | RESO | Lowering and code generation of generic 32-bit wasm selec | --- | --- | --- | [sec-survey] | sec-high |
1745170 | Core | JavaScript: WebAssem | RESO | table | --- | --- | --- | [sec-survey] | regression, sec-high |
1767177 | Core | JavaScript: WebAssem | RESO | Address | --- | --- | --- | [jsbugmon:update,bisect][post-critsmash-triage][adv-main101+r] | crash, regression, sec-high, testcase |
1366446 | Core | Graphics | RESO | Address | --- | --- | --- | [post-critsmash-triage][adv-main54+] | crash, csectype-uaf, sec-high |
1375842 | Core | Graphics | RESO | Address | --- | --- | --- | [gfx-noted] | crash, csectype-bounds, regressionwindow-wanted, sec-high, testcase |
1441941 | Core | Graphics | RESO | Skia and Firefox: Integer overflow in Sk | --- | --- | --- | [disclosure deadline May 30][adv-main60+][adv-esr52.8+] | csectype-intoverflow, sec-high |
1454692 | Core | Graphics | RESO | Backport relevant post-m55 Skia security fixes to ESR52 | --- | --- | --- | [adv-esr52.8+] | sec-critical |
1817336 | Core | Graphics | RESO | Crash in [@ nouveau | --- | --- | --- | [adv-main111+r] | crash, csectype-uaf, sec-high |
1437087 | Core | DOM: Editor | RESO | heap-use-after-free in [@ mozilla::Editor | --- | --- | --- | [post-critsmash-triage][adv-main59+][adv-esr52.7+] | csectype-uaf, sec-high |
1486314 | Core | DOM: Editor | RESO | heap-buffer-overflow in [@ mozilla::Text | --- | --- | --- | [post-critsmash-triage][adv-main63+] | crash, csectype-bounds, regression, sec-high, testcase |
1415291 | Core | JavaScript Engine | RESO | Heap-buffer-overflow READ 8 · js::Wasm | --- | --- | --- | [adv-main58+][post-critsmash-triage] | csectype-bounds, oss-fuzz, sec-high |
1559858 | Firefox | Security | RESO | Sending `Prompt:Open` from the child allows for a sandbox | --- | --- | --- | [post-critsmash-triage][adv-main67+][adv-esr60.7+] | csectype-priv-escalation, csectype-sandbox-escape, sec-high |
1415598 | Toolkit | Places | RESO | Crash in ns | --- | --- | --- | [fxsearch][adv-main58+][adv-esr52.6+][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high |
1386915 | Core | CSS Parsing and Comp | RESO | stylo: Address | --- | --- | --- | | crash, csectype-race, csectype-wildptr, sec-high, testcase |
1823547 | Core | Networking: HTTP | RESO | Crash in [@ ns | --- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main112+r] | crash, csectype-uaf, regression, sec-high |
1454126 | Core | DOM: Editor | RESO | crash at null in [@ ns | --- | --- | --- | [adv-main60+] | crash, csectype-bounds, regression, sec-high, testcase |
1850938 | Core | DOM: UI Events & Foc | RESO | Crash in [@ JSContext::verify | --- | --- | --- | | crash, csectype-uaf, regression, sec-high |
1340138 | Core | DOM: Core & HTML | RESO | table use-after-free | --- | --- | --- | [disclosure date May 17 2017][adv-main52+][adv-esr45.8+] | csectype-uaf, sec-critical, testcase |
1352295 | Core | Graphics: Canvas2D | RESO | mozilla::dom::Canvas | --- | --- | --- | [fixed by bug 1355873][post-critsmash-triage][adv-main54+][adv-esr52.2+] | crash, csectype-uaf, regression, sec-critical |
1490561 | Core | Layout | RESO | heap-use-after-free in [@ mozilla::Scroll | --- | --- | --- | [adv-main63+][adv-esr60.3+] | crash, csectype-uaf, sec-high, testcase |
1414282 | Core | Graphics: Layers | RESO | Layer | --- | --- | --- | [potential sandbox escape][post-critsmash-triage][adv-main59-] | csectype-other, csectype-sandbox-escape, sec-high |
1490396 | Core | Graphics: WebRender | RESO | [lib | --- | --- | --- | [post-critsmash-triage] | crash, csectype-bounds, sec-high, testcase |
1643874 | Core | DOM: Core & HTML | RESO | Crash in [@ mozilla::dom::Promise::Maybe | --- | --- | --- | [post-critsmash-triage][adv-main78+][adv-esr68.10+][sec-survey] | crash, csectype-uaf, sec-high |
1588353 | Core | DOM: Service Workers | RESO | Intermittent GECKO(2373) | SUMMARY: Address | --- | --- | --- | [post-critsmash-triage] | csectype-uaf, intermittent-failure, sec-high |
1597481 | Core | DOM: Workers | RESO | Address | --- | --- | --- | [post-critsmash-triage][adv-main72+r] | crash, csectype-uaf, sec-high, testcase-wanted |
1601024 | Core | DOM: Workers | RESO | heap-use-after-free in [@ Get | --- | --- | --- | [testcase reduction blocked by bug 1588357][adv-main73+r][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high, testcase-wanted |
1604719 | Core | DOM: Service Workers | RESO | Intermittent dom/serviceworkers/test/test | --- | --- | --- | | crash, csectype-uaf, intermittent-failure, sec-high |
1607276 | Core | DOM: Service Workers | RESO | heap-use-after-free in [@ mozilla::DOMEvent | --- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, regression, sec-high |
1425780 | Core | WebRTC | RESO | Address | --- | --- | --- | [adv-main58+][adv-esr52.6+][post-critsmash-triage] | crash, csectype-uaf, sec-high, testcase |
1438556 | Core | JavaScript Engine: J | RESO | Avoid non-wrapper cross-compartment edges in ICs | --- | --- | --- | [adv-main61+][adv-esr60.1+][post-critsmash-triage] | sec-high |
1439235 | Core | JavaScript Engine | RESO | Assertion failure: Integer input should be equal or highe | --- | --- | --- | [jsbugmon:] | assertion, bugmon, crash, regression, sec-high, testcase |
1536768 | Core | JavaScript Engine: J | RESO | Ion | --- | --- | --- | [adv-main67+][adv-esr60.7+] | sec-high |
1616909 | Core | JavaScript Engine | RESO | Hazard Introduced by Source | --- | --- | --- | [post-critsmash-triage] | csectype-uaf, regression, sec-high |
1765343 | Core | DOM: Streams | RESO | Address | --- | --- | --- | [bugmon:confirm] | csectype-uaf, regression, sec-high, testcase |
1418854 | Core | Networking: Cache | RESO | Intermittent SUMMARY: Address | --- | --- | --- | [OA][necko-triaged][adv-main58+][adv-esr52.6+][post-critsmash-triage] | csectype-uaf, intermittent-failure, sec-high |
1528481 | Core | Networking: HTTP | RESO | use after free in HTTP2 code, mozilla::net::Http2Session:... | --- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main68+][adv-esr60.8+] | csectype-uaf, sec-high, testcase-wanted |
1547266 | Core | Networking: HTTP | RESO |
Intermittent Address |
--- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main68+][adv-esr60.8+] | csectype-uaf, intermittent-failure, regression, sec-high |
1601712 | Core | Networking: HTTP | RESO |
Address |
--- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main73+r] | crash, csectype-uaf, regression, sec-high, testcase |
1380426 | WebExtensions | General | RESO |
ns |
--- | --- | --- | [post-critsmash-triage][adv-main55+][adv-esr52.3+] triaged | csectype-uaf, sec-high |
1860977 | MailNews Core | Security: OpenPGP | RESO | PGP encryption can change subject of E-Mail if selecting ... | --- | --- | --- | [see comment 32, 38] | regression, sec-high, testcase |
1204580 | Core | Audio/Video: Playbac | RESO |
Stagefright: crash [@stagefright::Sample |
--- | --- | --- | [post-critsmash-triage][adv-main42+][adv-esr38.4+] | crash, csectype-intoverflow, sec-high |
1216748 | Core | Audio/Video: Playbac | RESO |
stagefright: potential underflow in 'covr', unchecked all |
--- | --- | --- | [adv-main43+][adv-esr38.5+] AndroidID-20923261, published in August 2015; uplift 1206211 first on beta&esr-38 | csectype-bounds, sec-high |
1274637 | Core | Audio/Video: Playbac | RESO |
ZDI-CAN-3766: Mozilla Firefox Clear |
--- | --- | --- | [adv-main48+][adv-esr45.3+] | csectype-bounds, sec-high |
1289280 | Core | Audio/Video: Playbac | RESO |
FFMPEG: heap-buffer-overflow read in [@av |
--- | --- | --- | [adv-main49+][adv-esr45.4+] | crash, csectype-bounds, sec-high, testcase |
1404297 | Core | DOM: Core & HTML | RESO |
Crash in ns |
--- | --- | --- | [adv-main59+] | crash, csectype-uaf, sec-high, testcase-wanted |
1348424 | Core | Widget: Cocoa | RESO |
Crash in objc |
--- | --- | --- | [post-critsmash-triage][adv-main54+][adv-esr52.2+] tpi:+ | crash, csectype-uaf, sec-high |
1400563 | Core | WebRTC: Networking | RESO |
Crash in Win |
--- | --- | --- | [adv-main68+] | crash, csectype-race, csectype-uaf, regression, sec-high |
1580156 | Core | WebRTC | RESO |
Intermittent Address |
--- | --- | --- | Coordinate CVE w/Google [adv-main71+][adv-esr68.3+] | crash, csectype-bounds, intermittent-failure, sec-high, testcase-wanted |
1585760 | Core | Graphics: Canvas2D | RESO |
Address |
--- | --- | --- | [adv-main71+r][adv-esr68.3+r] | crash, csectype-uaf, sec-high, testcase-wanted |
1464829 | Core | JavaScript Engine: J | RESO |
Possible OOB read from RInstruction |
--- | --- | --- | [adv-main61+][adv-esr52.9+][adv-esr60.1+][post-critsmash-triage] | sec-high |
1502013 | Core | JavaScript Engine: J | RESO |
js::jit::Remove |
--- | --- | --- | [post-critsmash-triage][adv-main64+][adv-esr60.4+] | sec-high |
1528829 | Core | JavaScript Engine: J | RESO |
Arbitrary range mis-inference due to loop phi range analy |
--- | --- | --- | [reporter-external] [client-bounty-form] [verif?][jsbugmon:update,testComment=2,origRev=dd4aa59c6a12][post-critsmash-triage][adv-main66+][adv-esr60.6+] | assertion, bugmon, sec-high, testcase |
1532599 | Core | JavaScript Engine: J | RESO |
Spidermonkey: Ion |
--- | --- | --- | [adv-main66+][adv-esr60.6+] | csectype-other, regression, sec-critical |
1546446 | Core | JavaScript Engine: J | RESO |
has |
--- | --- | --- | [post-critsmash-triage] | sec-critical |
1766283 | Core | JavaScript Engine | RESO |
Inline |
--- | --- | --- | [post-critsmash-triage][adv-main101+r][adv-esr91.10+r] | csectype-jit, sec-high |
1877357 | Core | JavaScript Engine: J | RESO |
Assertion failure: v |
--- | --- | --- | [sp3] | regression, sec-high, testcase |
1683490 | Core | DOM: Service Workers | RESO |
Crash in [@ mozilla::ipc::IProtocol::Actor |
--- | --- | --- | [post-critsmash-triage][sec-survey][adv-main86+r] | crash, csectype-uaf, sec-high |
1740797 | Core | DOM: File | RESO |
Address |
--- | --- | --- | [bugmon:confirm][sec-survey][adv-main96+r][adv-ESR91.5+r] | csectype-uaf, sec-high, testcase |
1757805 | Core | IPC | RESO | Shmem stores length in shared memory region | --- | --- | --- | [sec-survey][adv-main99+r][adv-esr91.8+r] | csectype-sandbox-escape, sec-high |
1761981 | Core | DOM: Core & HTML | RESO | Firefox sandbox iframe can execute scripts without allow-... | --- | --- | --- | [reporter-external] [client-bounty-form][post-critsmash-triage][adv-main100+][adv-esr91.9+] | sec-high |
1587681 | Firefox | Security | RESO |
Web |
--- | --- | --- | sec-high | |
1291702 | Core | Web Audio | RESO |
Web |
--- | --- | --- | [post-critsmash-triage] | crash, csectype-bounds, regression, sec-critical, testcase |
1302231 | Core | Audio/Video: MediaSt | RESO |
Crash in mozilla::Media |
--- | --- | --- | [fixed on trunk by bug 1314514][post-critsmash-triage][adv-main51+] | crash, regression, sec-high |
1388243 | Core | Audio/Video | RESO |
Heap-use-after-free in mozilla::Media |
--- | --- | --- | csectype-uaf, sec-high | |
1423916 | Core | WebRTC: Audio/Video | RESO | Crash in webrtc::Deinterleave<T> | --- | --- | --- | [clouseau] | crash, csectype-bounds, csectype-wildptr, regression, sec-high |
1424318 | Core | WebRTC | RESO |
Crash in webrtc::Float |
--- | --- | --- | crash, csectype-wildptr, regression, sec-high | |
1499426 | Core | WebRTC: Audio/Video | RESO |
Intermitent Address |
--- | --- | --- | [post-critsmash-triage][adv-main65+] | csectype-uaf, intermittent-failure, sec-high |
1607309 | Core | Audio/Video: MediaSt | RESO |
..application crashed [@ mozilla::Deadlock |
--- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, sec-high |
1626382 | Core | Web Audio | RESO |
Address |
--- | --- | --- | [post-critsmash-triage][adv-main76+r][adv-ESR68.8+r] | crash, csectype-uaf, sec-high, testcase |
1571439 | Core | JavaScript: GC | RESO |
Address |
--- | --- | --- | [fuzzblocker] [jsbugmon:][post-critsmash-triage] | assertion, bugmon, crash, regression, sec-high, testcase |
1538007 | Core | Internationalization | RESO | [ZDI-CAN-8374] Sandbox escape: XUL injection in language ... | --- | --- | --- | [adv-main68+][adv-esr60.8+] | csectype-priv-escalation, csectype-sandbox-escape, sec-high |
1619997 | GeckoView | General | RESO |
Gecko |
--- | --- | --- | [reporter-external] [client-bounty-form][post-critsmash-triage][adv-main75-] | csectype-priv-escalation, sec-high |
1798798 | Fenix | Browser Engine | RESO |
Window prompt with long description hides fullscreen noti |
--- | --- | --- | [reporter-external] [client-bounty-form] [verif?][geckoview][fxdroid][adv-main111+] | csectype-spoof, sec-high |
1401459 | Core | Networking: HTTP | RESO |
Address |
--- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main58+] | csectype-race, csectype-uaf, regression, sec-high |
1516425 | Core | Graphics: Layers | RESO |
Crash in mozilla::layout::Get |
--- | --- | --- | [post-critsmash-triage][adv-main67+] | crash, csectype-uaf, regression, sec-high |
1637430 | Core | JavaScript: WebAssem | RESO |
Bounds check ref |
--- | --- | --- | [post-critsmash-triage][sec-survey] | csectype-bounds, regression, sec-high |
1747562 | Core | JavaScript: WebAssem | RESO |
Address |
--- | --- | --- | [bugmon:update,bisect][sec-survey][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high, testcase |
1751699 | Core | JavaScript: WebAssem | RESO |
Assertion failure: a |
--- | --- | --- | [bugmon:update,bisect][sec-survey][post-critsmash-triage] | assertion, csectype-bounds, regression, sec-high, testcase |
1762441 | Core | JavaScript: WebAssem | RESO |
Stackmaps are not serialized/deserialized with Web |
--- | --- | --- | [sec-survey][post-critsmash-triage] | sec-critical |
1797685 | Core | JavaScript: WebAssem | RESO |
Address |
--- | --- | --- | [jsbugmon:update,bisect][post-critsmash-triage][adv-main108+r][adv-esr102.6+r] | assertion, crash, csectype-uaf, regression, sec-high, testcase |
1811559 | Core | JavaScript: WebAssem | RESO |
Emit |
--- | --- | --- | [adv-main111-] | csectype-uaf, regression, sec-high |
1833339 | Core | JavaScript: WebAssem | RESO |
Address |
--- | --- | --- | [bugmon:update,bisect][adv-main114+r][adv-esr102.12+r] | crash, csectype-bounds, regression, sec-high, testcase |
1219814 | Core | WebRTC: Audio/Video | RESO |
Overflow in Rtp |
--- | --- | --- | csectype-bounds, sec-high | |
1220493 | Core | WebRTC: Networking | RESO |
Underflow in RTPReceiver |
--- | --- | --- | [post-critsmash-triage][adv-main43+][adv-esr38.5+] | csectype-bounds, sec-high |
1254876 | Core | WebRTC: Audio/Video | RESO |
Intermittent 1113005 |
--- | --- | --- | [post-critsmash-triage][adv-main46+][adv-esr45.1+][adv-esr38.8+] | csectype-uaf, intermittent-failure, sec-high |
1258079 | Core | Audio/Video: MediaSt | RESO |
Intermittent test |
--- | --- | --- | [post-critsmash-triage][adv-main48+][adv-esr45.3+] | csectype-uaf, intermittent-failure, sec-high |
1258942 | Core | WebRTC | RESO |
Intermittent test |
--- | --- | --- | csectype-uaf, intermittent-failure, sec-high | |
1263384 | Core | WebRTC: Audio/Video | RESO |
VP8 encoder: Heap block overrun (writing) from copy |
--- | --- | --- | [post-critsmash-triage][adv-main47+][adv-esr45.2+] | csectype-bounds, sec-high |
1294407 | Core | WebRTC | RESO | Firefox crash when packets with missing headers are received | --- | --- | --- | [adv-main49+][adv-esr45.4+] | csectype-bounds, sec-high |
1311380 | Core | WebRTC: Networking | RESO |
Crash in mozilla::Data |
--- | --- | --- | crash, csectype-uaf, sec-high | |
1315288 | Core | WebRTC | RESO |
Crash in memcpy | copy |
--- | --- | --- | crash, csectype-bounds, regression, sec-high | |
1353476 | Core | WebRTC: Audio/Video | RESO |
Crash in mozilla::camera::Cameras |
--- | --- | --- | [adv-main53+][adv-esr52.1+] | crash, csectype-uaf, regression, sec-high |
1415582 | Core | WebRTC: Audio/Video | RESO |
Cleanup Web |
--- | --- | --- | [adv-main58+][adv-esr52.6+][post-critsmash-triage] | csectype-uaf, sec-high |
1421963 | Core | WebRTC: Audio/Video | RESO |
Intermittent GECKO(3202) | ==3255==ERROR: Address |
--- | --- | --- | [post-critsmash-triage][adv-main59+] | csectype-uaf, intermittent-failure, sec-high |
1425930 | GeckoView | General | RESO |
Crash in @0x0 | ns |
--- | --- | --- | [adv-main61+][adv-esr60.1+][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high |
1426449 | Core | WebRTC | RESO |
Crash in webrtc::Simulcast |
--- | --- | --- | [adv-main58+][post-critsmash-triage] | crash, csectype-uaf, sec-high |
1429216 | Core | WebRTC | RESO | UAF due to webrtc codec init failure | --- | --- | --- | crash, csectype-uaf, sec-high | |
1544127 | Core | Networking | RESO |
Crash in [@ mozilla::net::Cookie |
--- | --- | --- | [necko-triaged] [necko-priority-review][adv-esr102.8+r] | crash, csectype-uaf, regression, sec-high |
1750565 | Toolkit | Add-ons Manager | RESO | Extension permission prompts skipped via dictionary | --- | --- | --- | [sec-survey][post-critsmash-triage][adv-main97+][adv-esr91.6+] | csectype-priv-escalation, sec-high |
1631576 | NSS | Libraries | RESO | Timing attack on DSA on NSS library | --- | --- | --- | [disclosure date 2020-06-02][RedHat INC1266622][post-critsmash-triage][adv-main77+][adv-esr68.9+][sec-survey] | sec-high |
1389561 | Core | Storage: IndexedDB | RESO |
crash in PLDHash |
--- | --- | --- | [adv-main58+][post-critsmash-triage] | crash, csectype-uaf, sec-high |
1628076 | Core | Storage: Cache API | RESO | Crash in [@ mozilla::dom::cache::Manager::Factory::Abort] | --- | --- | --- | [sec-survey][post-critsmash-triage][adv-main76+r][adv-ESR68.8+r] | crash, csectype-uaf, regression, sec-high |
1643613 | Core | DOM: Workers | RESO |
Intermittent PROCESS-CRASH | Main app process exited norm |
--- | --- | --- | [sec-survey][post-critsmash-triage][adv-main79+r][adv-ESR78.1+r] | crash, csectype-uaf, intermittent-failure, sec-high |
1646006 | Core | Storage: IndexedDB | RESO |
Crash in [@ mozilla::dom::indexed |
--- | --- | --- | [sec-survey][post-critsmash-triage][adv-main79+r][adv-ESR78.1+r] | crash, csectype-uaf, regression, sec-high |
1675868 | Core | DOM: postMessage | RESO |
Crash in [@ mozilla::detail::Support |
--- | --- | --- | [sec-survey][adv-main85+r][adv-esr78.7+r] | crash, csectype-uaf, sec-high, testcase-wanted |
1687597 | Core | DOM: Workers | RESO |
heap-use-after-free in [@ mozilla::dom::Worker |
--- | --- | --- | [sec-survey][adv-main86+r][adv-esr78.8+r] | csectype-uaf, regression, sec-high |
1317409 | Core | DOM: Core & HTML | RESO |
UAF involving mutation events, contenteditable iframes an |
--- | --- | --- | [adv-main50.1+][adv-esr45.6+] | csectype-uaf, sec-critical |
1346590 | Core | DOM: Core & HTML | RESO |
heap-use-after-free [@ Get |
--- | --- | --- | [adv-main55+][adv-esr52.3+][post-critsmash-triage] | crash, csectype-uaf, sec-high, testcase |
1416307 | Core | DOM: Navigation | RESO |
When Refresh |
--- | --- | --- | [keep hidden until 1414425 embargo ends][post-critsmash-triage][adv-main59-][adv-esr52.7-] | csectype-sop, sec-high |
1418922 | Core | DOM: Core & HTML | RESO |
heap-use-after-free in Get |
--- | --- | --- | [adv-esr52.6+][fixed on trunk in bug 1343037] | crash, csectype-uaf, sec-high, testcase |
1459693 | Core | DOM: Core & HTML | RESO |
heap-use-after-free in ns |
--- | --- | --- | [adv-main61+][adv-esr52.9+][adv-esr60.1+][post-critsmash-triage] | csectype-uaf, sec-critical |
1544670 | Core | DOM: Core & HTML | RESO |
heap-use-after-free in mozilla::dom::Wake |
--- | --- | --- | [adv-main67+][adv-esr60.7+] | csectype-uaf, regression, sec-high |
1620818 | Core | DOM: Navigation | RESO |
Address |
--- | --- | --- | csectype-uaf, sec-critical, testcase-wanted | |
1666285 | Core | Graphics: Canvas2D | RESO |
Address |
--- | --- | --- | [sec-survey][adv-main85+r][adv-esr78.7+r] | crash, csectype-wildptr, sec-high, testcase-wanted |
1827655 | Core | DOM: Navigation | RESO |
Crash in [@ ns |
--- | --- | --- | [adv-main114+r][adv-esr102.12+r] | crash, csectype-sandbox-escape, csectype-uaf, sec-high |
1631597 | NSS | Libraries | RESO | side channel vulnerabilities during RSA key generation | --- | --- | --- | [sec-moderate for Firefox][disclosure date 2020-06-30][RedHat INC1266675][sec-survey][post-critsmash-triage][adv-main78+] | csectype-disclosure, sec-high |
1493497 | Core | Graphics: CanvasWebG | RESO | Crash in gl::Framebuffer::Framebuffer | --- | --- | --- | [post-critsmash-triage][adv-main65+] | crash, csectype-uaf, regression, sec-high |
1532525 | Core | Graphics: CanvasWebG | RESO |
could be trigger oom problem with Web |
--- | --- | --- | [adv-main67+][adv-esr60.7+] | csectype-intoverflow, sec-high |
1434384 | Core | JavaScript Engine | RESO |
Address |
--- | --- | --- | [adv-main59+][adv-esr52.7+] | crash, csectype-sandbox-escape, regression, sec-high, testcase |
1442722 | Core | JavaScript Engine | RESO |
Assertion failure: point |
--- | --- | --- | [adv-main61+][adv-esr52.9+][adv-esr60.1+][post-critsmash-triage] | assertion, csectype-priv-escalation, csectype-sandbox-escape, sec-high, testcase |
1470921 | Core | JavaScript Engine | RESO |
Crash [@ Assert |
--- | --- | --- | [jsbugmon:][post-cristsmash-triage] | bugmon, crash, regression, sec-high, testcase |
1487167 | Core | DOM: Core & HTML | RESO | Rooting hazards, Aug 2018 edition | --- | --- | --- | [post-critsmash-triage][adv-main63+] | csectype-uaf, sec-high |
1556430 | Core | JavaScript: GC | RESO |
Intermittent SUMMARY: Address |
--- | --- | --- | [post-critsmash-triage] | csectype-uaf, intermittent-failure, regression, sec-high |
1583684 | Core | DOM: Core & HTML | RESO | Rooting hazards revealed by fixing JS::Value problem | --- | --- | --- | [adv-main70+][adv-main70+r][adv-esr68.2+][adv-esr68.2+r][post-critsmash-triage] | csectype-uaf, sec-critical |
1645415 | Core | JavaScript: GC | RESO |
SUMMARY: Address |
--- | --- | --- | [sec-survey][post-critsmash-triage] | csectype-uaf, intermittent-failure, regression, sec-high |
1667912 | Core | JavaScript: GC | RESO | Nonincremental weakmap marking incorrectly splits up Zones | --- | --- | --- | [sec-survey][adv-main83+r][adv-esr78.5+r] | csectype-uaf, regression, sec-high |
1715471 | Core | JavaScript: GC | RESO |
Assertion failure: !detail::Cell |
--- | --- | --- | [sec-survey] | assertion, regression, sec-high, testcase |
1736046 | Core | DOM: postMessage | RESO |
Assertion failure: data |
--- | --- | --- | [sec-survey][adv-main95+r][adv-ESR91.4.0+r] | assertion, sec-high, testcase |
1739366 | Core | IPC | RESO |
Assertion failure: token |
--- | --- | --- | [sec-survey][post-critsmash-triage][adv-main96+r][adv-ESR91.5+r] | assertion, csectype-bounds, csectype-sandbox-escape, sec-high, testcase |
1375146 | Core | DOM: Events | RESO |
heap-use-after-free in [@ mozilla::dom::Tab |
--- | --- | --- | [no-nag][adv-main57+][adv-esr52.5+][post-critsmash-triage] | crash, csectype-uaf, sec-high, testcase-wanted |
1408157 | Core | DOM: Events | RESO |
Crash in xul |
--- | --- | --- | [post-critsmash-triage] | crash, csectype-wildptr, regression, sec-critical |
1811637 | Core | Widget: Gtk | RESO |
Use-after-free crash in [@ g |
--- | --- | --- | [adv-main111+r][adv-esr102.9+r] | crash, csectype-uaf, regression, sec-high |
1259473 | Core | Audio/Video: Playbac | RESO |
[e10s] new crash with e10s enabled in Media |
--- | --- | --- | [post-critsmash-triage] | csectype-uaf, sec-high |
1315631 | Core | Audio/Video: Playbac | RESO |
xul |
--- | --- | --- | [adv-main50.1+][adv-esr45.6+] | assertion, crash, csectype-uaf, regression, sec-high |
1329403 | Core | Audio/Video: Playbac | RESO |
Base |
--- | --- | --- | [adv-main51+][adv-esr45.7+] | crash, csectype-uaf, sec-high, testcase |
1333576 | Core | Audio/Video: Playbac | RESO |
Crash in mozilla::Media |
--- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, sec-high |
1371982 | Core | XPCOM | RESO |
Intermittent Address |
--- | --- | --- | [adv-main55+][post-critsmash-triage] | csectype-uaf, intermittent-failure, regression, sec-critical |
1415441 | Core | Audio/Video: Playbac | RESO |
Crash in mozilla::detail::log |
--- | --- | --- | crash, csectype-uaf, csectype-wildptr, sec-high | |
1415788 | Core | Audio/Video: Playbac | RESO |
Crash in mozilla::dom::HTMLMedia |
--- | --- | --- | [clouseau][adv-main58+][post-critsmash-triage] | crash, csectype-wildptr, regression, sec-critical |
1367727 | Core | JavaScript Engine | RESO |
Crash in js::gc::Atom |
--- | --- | --- | [adv-main60+] | crash, csectype-uaf, regression, sec-high |
1384544 | Core | JavaScript Engine | RESO |
Crash in New |
--- | --- | --- | [adv-main58+][post-critsmash-triage] | crash, csectype-wildptr, leave-open, regression, sec-critical |
1409179 | Core | JavaScript Engine | RESO |
Crash in js::Interpreter |
--- | --- | --- | [adv-main58+][post-critsmash-triage] | crash, csectype-uaf, regression, sec-high |
1415748 | Core | JavaScript Engine | RESO |
Crash in js::Interpreter |
--- | --- | --- | [adv-main58+][post-critsmash-triage] | crash, csectype-uaf, sec-high |
1480521 | Core | JavaScript: GC | RESO | js::Shape is not Compacting-GC-safe (32-bit builds) | --- | --- | --- | [adv-main62+][adv-esr60.2+][post-cristsmash-triage] | regression, sec-critical |
1514682 | Core | JavaScript Engine: J | RESO |
Assertion failure: obj->is<Plain |
--- | --- | --- | [jsbugmon:update,origRev=edf1f05e9d00,testComment=2][post-critsmash-triage][adv-main66+][adv-esr60.6+] | sec-high |
1541580 | Core | JavaScript Engine | RESO |
OOM during Proxy |
--- | --- | --- | [adv-main67+][adv-esr60.7+] | csectype-uninitialized, regression, sec-high |
1548044 | Core | JavaScript Engine: J | RESO |
OOM in Auto |
--- | --- | --- | [post-critsmash-triage][adv-main70+][adv-main70+r][adv-esr68.2+][adv-esr68.2+r] | sec-high |
1631508 | Core | JavaScript Engine: J | RESO |
Fix Ion |
--- | --- | --- | [post-critsmash-triage][adv-main76+r][adv-ESR68.8+r] | csectype-jit, sec-critical |
1673567 | Core | JavaScript Engine | RESO |
UAF Crash in [@ js::Global |
--- | --- | --- | [adv-main84+r][sec-survey] | crash, csectype-uaf, regression, sec-high |
1821959 | Core | JavaScript Engine | RESO |
MOZ |
--- | --- | --- | [reporter-external] [client-bounty-form] [verif?][post-critsmash-triage][adv-main112+][adv-esr102.10+] | csectype-uaf, sec-high |
1305208 | Firefox for iOS | Reader View | RESO |
Background application can steal arbitrary web contents t |
--- | --- | --- | [MobileAS] | csectype-sop, sec-high |
1318897 | Focus-iOS | General | RESO | Address bar shows userinfo field of URI | --- | --- | --- | [MobileAS] | csectype-spoof, sec-high |
1538008 | Firefox | Sync | RESO |
[ ZDI-CAN-8375] UXSS priv-esc via sync (install arbitrary |
--- | --- | --- | [adv-main69+][adv-esr68.1+][adv-esr60.9+][do not publish until Bug 1538015 is shipped.] | csectype-priv-escalation, csectype-sandbox-escape, sec-high |
1315837 | Core | DOM: Core & HTML | RESO |
Crash in mozilla::dom::Element::Update |
--- | --- | --- | crash, csectype-uaf, regression, reproducible, sec-high, topcrash | |
1318998 | Core | DOM: Core & HTML | RESO |
Crash in mozilla::dom::Element::Unregister |
--- | --- | --- | [post-critsmash-triage] | crash, csectype-uaf, sec-high |
1416529 | Core | Networking: HTTP | RESO |
Address |
--- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main59+][adv-esr52.7+] | csectype-uaf, sec-high |
1433609 | Core | Networking | RESO |
IPC: global-buffer-overflow crash [@ns |
--- | --- | --- | [necko-triaged][adv-main60+][adv-esr52.8+] | crash, csectype-bounds, sec-high |
1456975 | Core | Networking | RESO |
Segfault - buffer overflow / arbitrary memory read in IPC |
--- | --- | --- | [necko-triaged][adv-main61+][adv-esr52.9+][adv-esr60.1+][post-critsmash-triage] | csectype-bounds, csectype-sandbox-escape, sec-high |
1586630 | Core | Networking: Cache | RESO | Appcache fallback can be corrupted allowing manifests to ... | --- | --- | --- | [necko-triaged][post-critsmash-triage][sec-survey][adv-main78+] | sec-high |
1625749 | Core | Networking: HTTP | RESO |
Crash in [@ mozilla::Sliced |
--- | --- | --- | [necko-triaged][post-critsmash-triage][adv-main76+r][adv-ESR68.8+r] | crash, csectype-uaf, regression, sec-high |
1665836 | Core | Networking: Cache | RESO | Intermittent PROCESS-CRASH | damp | application crashed [... | --- | --- | --- | [sec-survey][post-critsmash-triage][adv-main90+r] | crash, csectype-uaf, intermittent-failure, sec-high |
1675540 | Core | Networking: HTTP | RESO |
Crash in [@ mozilla::net::ns |
--- | --- | --- | [necko-triaged][sec-survey][adv-main87-] | crash, csectype-uaf, sec-high |
1700895 | Core | Networking: HTTP | RESO |
Crash in [@ mozilla::net::ns |
--- | --- | --- | [necko-triaged][sec-survey][adv-main90+r][adv-esr78.12+r] | crash, csectype-uaf, sec-high |
1742334 | Core | Networking: HTTP | RESO |
Use-after-free of Channel |
--- | --- | --- | [reporter-external] [client-bounty-form][necko-triaged][sec-survey][adv-main96+][adv-ESR91.5+][post-critsmash-triage] | csectype-uaf, sec-high |
1810536 | Core | Networking: HTTP | RESO | Crashes in Http/3 code | --- | --- | --- | [necko-triaged] [necko-priority-queue][adv-main110+r][adv-esr102.8+r] | csectype-uaf, sec-high |
1818357 | Core | Networking | RESO |
heap-use-after-free in [@ mozilla::net::ns |
--- | --- | --- | [necko-triaged] [necko-priority-queue][adv-main112+r][adv-esr102.10+r] | csectype-race, sec-high |
1479656 | Core | Audio/Video: GMP | RESO |
Open |
--- | --- | --- | crash, csectype-bounds, sec-high, testcase | |
1700610 | Core | JavaScript: WebAssem | RESO |
Assertion failure: size |
--- | --- | --- | [sec-survey] | assertion, csectype-bounds, regression, sec-high, testcase |
1766806 | Core | JavaScript: WebAssem | RESO |
Assertion failure: *def->output() == alloc, at jit/Regist |
--- | --- | --- | [post-critsmash-triage][adv-main101+][adv-esr91.10+] | regression, sec-high, testcase |
1866545 | Core | JavaScript: WebAssem | RESO | Crash [@ ??] with wasm module on 32-bit | --- | --- | --- | [bugmon:update,bisect] | crash, regression, sec-high, testcase |
1498784 | Core | DOM: Core & HTML | RESO |
Crash in mozilla::ipc::Optional |
--- | --- | --- | crash, csectype-uaf, regression, sec-high | |
1675097 | Core | DOM: Service Workers | RESO |
heap-use-after-free while running Client |
--- | --- | --- | [sec-survey][adv-main85+r][adv-esr78.7+r] | crash, csectype-uaf, sec-high |
1682928 | Core | DOM: Workers | RESO |
Thread |
--- | --- | --- | [sec-survey][adv-main86+r][adv-esr78.8+r] | csectype-race, sec-high |
1686334 | Core | DOM: Navigation | RESO |
Rejecting page load in on |
--- | --- | --- | [fixed by bug 1735613][sec-survey] | sec-high |
1824803 | Core | DOM: Workers | RESO | Use-after-free crash in [@ mozilla::dom::workerinternals:... | --- | --- | --- | [adv-main113+r] | crash, csectype-uaf, regression, sec-high |
1833503 | Core | DOM: Workers | RESO |
Crash in [@ mozilla::dom::Thread |
--- | --- | --- | [adv-main115+r] | crash, csectype-uaf, regression, sec-high |
1408987 | Core | Audio/Video: Playbac | RESO |
Intermittent SUMMARY: Address |
--- | --- | --- | csectype-race, csectype-uaf, intermittent-failure, regression, sec-high |