416628
|
|
O(n^2) blowup due to overlong cx->tempPool arena list
|
Core
|
JavaScript Engine
|
brendan
|
RESO
|
FIXE
|
2008-05-07
|
306534
|
|
[FIX]###!!! ASSERTION: Float frame has wrong parent: 'floatFrame->GetParent() == mBlock', file nsBlockReflowState.cpp, line 835
|
Core
|
Layout: Block and In
|
bzbarsky
|
RESO
|
FIXE
|
2008-03-12
|
413250
|
|
chrome directory traversal (local disk access via "flat" addons)
|
Core
|
General
|
dveditz
|
RESO
|
FIXE
|
2009-06-16
|
406686
|
|
I can still steal your bank login (spoofing using <xul:popup>, take 2)
|
Core
|
General
|
enndeakin
|
RESO
|
FIXE
|
2008-03-28
|
411092
|
|
XPCNativeWrapper pollution using setTimeout()
|
Core
|
XPConnect
|
mrbkap
|
RESO
|
FIXE
|
2008-03-25
|
411093
|
|
XPCNativeWrapper pollution using Function constructor
|
Core
|
XPConnect
|
mrbkap
|
RESO
|
FIXE
|
2008-03-26
|
390813
|
|
Overlay scripts compiled using principal of first document sourcing overlay
|
Core
|
XUL
|
smaug
|
RESO
|
FIXE
|
2008-07-31
|
336303
|
|
[FIX]nsPrincipal::GetOrigin should dig into nested URIs
|
Core
|
Security
|
bzbarsky
|
RESO
|
FIXE
|
2008-03-25
|
295922
|
|
Client Auth "select cert automatically" is considered a privacy issue
|
Core Graveyard
|
Security: UI
|
dveditz
|
RESO
|
FIXE
|
2016-09-27
|
402995
|
|
jar: protocol content can use LiveConnect to connect to arbitrary ports on localhost
|
Core
|
Security
|
dveditz
|
RESO
|
FIXE
|
2008-10-22
|
415034
|
|
Referer spoofing by including '@' in URL
|
Core
|
Networking: HTTP
|
dveditz
|
RESO
|
FIXE
|
2008-04-16
|
415496
|
|
bad userpass URL parsing leads to addon install spoofing
|
Core
|
Networking
|
dveditz
|
RESO
|
FIXE
|
2008-03-25
|
417086
|
|
Use of colon (:) in hash/anchor part of chrome URL when using window.open results in an error.
|
Firefox
|
General
|
dveditz
|
RESO
|
FIXE
|
2008-03-22
|
411025
|
|
GC hazard in JS_CompileUCFunctionForPrincipals
|
Core
|
JavaScript Engine
|
igor
|
RESO
|
FIXE
|
2008-04-17
|
403078
|
|
Upgrade NSIS on the 1.8 Win32 tinderboxen to version 2.22
|
Webtools Graveyard
|
Tinderbox
|
john+bugzilla
|
RESO
|
FIXE
|
2014-06-16
|
390261
|
|
document.adoptNode() throws NOT_IMPLEMENTED in Gecko 1.8
|
Core
|
DOM: Core & HTML
|
peterv
|
RESO
|
FIXE
|
2008-07-31
|
415700
|
|
Search engine aliases can "take over" the location bar
|
Firefox
|
Search
|
rflint
|
RESO
|
FIXE
|
2008-05-07
|
403167
|
|
XSS by using XMLDocument.load() and event handler
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
403168
|
|
XSS by using XMLHttpRequest and event handler
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
416896
|
|
[FIX]2.0.0.12 causes <a> elements not to be recognised when inspected in firebug
|
Core
|
CSS Parsing and Comp
|
bzbarsky
|
RESO
|
FIXE
|
2008-03-17
|
409349
|
|
Can get globalStorage objects for partial IP addresses
|
Core
|
DOM: Core & HTML
|
honzab.moz
|
RESO
|
FIXE
|
2019-03-13
|
381081
|
|
include en-US in shipped-locales
|
Firefox Build System
|
General
|
nrthomas
|
RESO
|
FIXE
|
2018-11-26
|
416282
|
|
Seamonkey/xpfe needs patch for bug 376473
|
SeaMonkey
|
General
|
bugzilla
|
RESO
|
FIXE
|
2008-03-14
|
375745
|
|
Unsubscribing from feeds still shows in list until manager is closed
|
MailNews Core
|
Feed Reader
|
bugzilla.mozilla.org-3
|
RESO
|
FIXE
|
2009-05-05
|
332807
|
|
document.open() in a xbl constructor
|
Core
|
XBL
|
bzbarsky
|
RESO
|
FIXE
|
2008-09-29
|
386376
|
|
Impossible to implement a content sniffer in JS due to recursive GetService calls (nsIContentSniffer, JavaScript)
|
Core
|
Networking: HTTP
|
cbiesinger
|
RESO
|
FIXE
|
2008-03-14
|
415116
|
|
Chrome urls not "skin" or "locale" are assumed to be "content"
|
Core
|
General
|
dveditz
|
RESO
|
FIXE
|
2008-03-24
|
415401
|
|
Arbitrary Referer Spoofing with Empty Username
|
Core
|
Networking: HTTP
|
dveditz
|
RESO
|
FIXE
|
2010-06-08
|
415500
|
|
bad userpass URL parsing leads to HelperApp dialog spoofing
|
Firefox
|
File Handling
|
dveditz
|
RESO
|
FIXE
|
2008-04-01
|
421840
|
|
land attachment 308078 on trunk to fix regressions from 415034
|
Core
|
Networking
|
dveditz
|
RESO
|
FIXE
|
2008-03-17
|
417377
|
|
Missed SAVE_SP_AND_PC in JSOP_YIELD
|
Core
|
JavaScript Engine
|
igor
|
RESO
|
FIXE
|
2008-03-25
|
409796
|
|
No pictures shown in saved file (file name and folder name, containing that file, is in cyrillic)
|
Core Graveyard
|
File Handling
|
ivanov
|
RESO
|
FIXE
|
2016-06-22
|
399589
|
|
PSM + tip of NSS, error ‘SECAlgorithmIDTemplate’ not declared
|
Core
|
Security: PSM
|
kaie
|
RESO
|
FIXE
|
2008-02-28
|
416202
|
|
1.8 branch only: Upgrade to NSS_3_11_5_WITH_CKBI_1_65_RTM
|
Core
|
Security: PSM
|
kaie
|
RESO
|
FIXE
|
2023-12-11
|
422411
|
|
Update SeaMonkey version number on GECKO181_20080311_RELBRANCH
|
SeaMonkey
|
Build Config
|
kairo
|
RESO
|
FIXE
|
2008-03-13
|
415135
|
|
Slow/Hang/lock-up on long From lines in header with high cpu
|
MailNews Core
|
MIME
|
mnyromyr
|
RESO
|
FIXE
|
2008-07-31
|
363891
|
|
Indirect use of eval can run code with the wrong principal.
|
Core
|
JavaScript Engine
|
mrbkap
|
RESO
|
FIXE
|
2013-03-26
|
390859
|
|
AJAX site does not work properly, works in IE
|
Core
|
General
|
mrbkap
|
RESO
|
FIXE
|
2008-03-14
|
397188
|
|
FCK Editor no longer working on Firefox trunk
|
Core
|
JavaScript Engine
|
mrbkap
|
RESO
|
FIXE
|
2008-03-14
|
414749
|
|
nsJSUtils::GetCallingLocation doesn't deal with null principals well
|
Core
|
DOM: Core & HTML
|
mrbkap
|
RESO
|
FIXE
|
2019-03-13
|
415030
|
|
Security check in js_ValueToFunctionObject uses the wrong principal
|
Core
|
JavaScript Engine
|
mrbkap
|
RESO
|
FIXE
|
2013-03-26
|
411572
|
|
Unnamed attachments reveal full local paths when forwarded inline or edited as new
|
MailNews Core
|
Attachments
|
rsx11m.pub
|
RESO
|
FIXE
|
2008-07-31
|
405783
|
|
Midas crashes [@ GetNearestCapturingView] when iframe style is changed during editing
|
Core
|
DOM: UI Events & Foc
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
419116
|
|
Sending mail through SMTP server that doesn't require user:pass fails
|
MailNews Core
|
Composition
|
standard8
|
RESO
|
FIXE
|
2014-01-01
|
416354
|
|
Missing SAVE_SP_AND_PC in JSOP_NEG
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-03-29
|
416705
|
|
throw from xml filter leaves pending block objects unput
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-04-21
|
387390
|
|
The fix for bug 384750 can be circumvented
|
Core
|
Security
|
mrbkap
|
VERI
|
FIXE
|
2008-03-26
|
345529
|
|
crash removing an observer during an nsPref:changed notification [@ pref_DoCallback] (node is 0xdddddddd)
|
Core
|
Preferences: Backend
|
asqueella
|
VERI
|
FIXE
|
2008-03-26
|
417780
|
|
content-disposition with filename containing "./" attempts to create temporary file called "/tmp"
|
Firefox
|
File Handling
|
dveditz
|
VERI
|
FIXE
|
2008-04-16
|
412926
|
|
JS_ValueToId(cx, JSVAL_NULL) should return atom for 'null' string
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-03-29
|
417617
|
|
DOMParser.parseFromString in Greasemonkey script causes "ASSERTION: Should have inner window here!"
|
Core
|
DOM: Core & HTML
|
smaug
|
VERI
|
FIXE
|
2019-03-13
|
419718
|
|
Crash if <CANVAS> destroyed but drawing context kept
|
Core
|
Graphics: Canvas2D
|
vladimir
|
VERI
|
FIXE
|
2013-08-25
|
417421
|
|
Loss of back forward buttons when switching between 1.8 and 1.9
|
Firefox
|
Toolbars and Customi
|
dao+bmo
|
VERI
|
FIXE
|
2008-05-13
|
416463
|
|
Mozilla 1.8 fails to compile with gcc 4.3
|
Core
|
XPCOM
|
benjamin
|
VERI
|
FIXE
|
2008-05-22
|
357172
|
|
mail invitation text garbled (VCALENDAR not recognized as UTF-8)
|
MailNews Core
|
MIME
|
bugzilla.mozilla.org-3
|
VERI
|
FIXE
|
2008-07-31
|
393432
|
|
Firefox crashes sometimes if you click the back button on www.userfriendly.org [@ DummyParserRequest::Cancel 334d84da]
|
Core
|
DOM: HTML Parser
|
colin
|
VERI
|
FIXE
|
2011-06-09
|
415191
|
|
Check in rdf/chrome version of bug 413250
|
Core
|
General
|
dveditz
|
VERI
|
FIXE
|
2008-03-25
|
384871
|
|
[1.8 branch] Crash [@ DocumentViewerImpl::Destroy] with popup as root element, setting autoPosition and reloading
|
Core
|
Layout
|
enndeakin
|
VERI
|
FIXE
|
2011-06-13
|
416329
|
|
Correct Ria Klaassen's name in "Credits"
|
Firefox
|
General
|
gavin.sharp
|
VERI
|
FIXE
|
2008-03-12
|
414755
|
|
Missing SAVE_SP_AND_PC in STORE_(NUMBER|INT|UINT)
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-03-29
|
420880
|
|
Assertion failure: fp, in jsobj.c
|
Core
|
JavaScript Engine
|
igor
|
VERI
|
FIXE
|
2008-03-25
|
382509
|
|
Disallow indirect eval
|
Core
|
JavaScript Engine
|
mrbkap
|
VERI
|
FIXE
|
2010-09-01
|
383381
|
|
docs.google.com depends on indirect eval
|
Core
|
JavaScript Engine
|
mrbkap
|
VERI
|
FIXE
|
2008-04-09
|
383682
|
|
eval is too dynamic (js1_5/Regress/regress-68498-003.js)
|
Core
|
JavaScript Engine
|
mrbkap
|
VERI
|
FIXE
|
2016-05-11
|
384750
|
|
Arbitrary code execution by polluting implicit XPCNativeWrapper (without using eval)
|
Core
|
DOM: Core & HTML
|
mrbkap
|
VERI
|
FIXE
|
2019-03-13
|
387084
|
|
"View Page Info" is broken
|
Firefox
|
Page Info Window
|
mrbkap
|
VERI
|
FIXE
|
2008-04-09
|
415827
|
|
Crash when zooming
|
Core
|
Layout
|
roc
|
VERI
|
FIXE
|
2008-04-03
|
414856
|
|
Firefox 2.0.0.12 RC1 breaks Stylish with "TypeError: stylesheet has no properties"
|
Core
|
XML
|
smaug
|
VERI
|
FIXE
|
2008-03-17
|