| 864023
|
|
ASAN builds crashing on startup
|
Core
|
General
|
nobody
|
REOP
|
---
|
2022-10-10
|
| 880193
|
|
ASan: alloc-dealloc-mismatch (malloc vs operator delete) in gfx/skia vs. gfx/2d
|
Core
|
Graphics
|
nobody
|
REOP
|
---
|
2022-10-10
|
| 1018358
|
|
UAF [@ mozilla::WebGLContext::UpdateContextLossStatus] with webgl.disabled
|
Core
|
Graphics: CanvasWebG
|
demo99
|
RESO
|
WORK
|
2023-06-25
|
| 810626
|
|
WebRTC use-after-free crash [@ mozilla::TransportLayer::SetState]
|
Core
|
WebRTC
|
ekr
|
RESO
|
FIXE
|
2016-12-01
|
| 820990
|
|
WebRTC use-after-free crash [@mozilla::NrIceCtx::EmitAllCandidates]
|
Core
|
WebRTC: Networking
|
ekr
|
RESO
|
FIXE
|
2013-11-25
|
| 824893
|
|
Heap-use-after-free in nr_ice_peer_ctx_fire_done
|
Core
|
WebRTC: Networking
|
ekr
|
RESO
|
WORK
|
2017-10-26
|
| 933582
|
|
Heap-buffer-overflow WRITE in nsSVGTextFrame2::ResolvePositions
|
Core
|
SVG
|
nobody
|
RESO
|
DUPL
|
2016-10-11
|
| 808546
|
|
WebRTC crash [@nsDOMMediaStream::GetStream]
|
Core
|
WebRTC: Audio/Video
|
rjesup
|
RESO
|
FIXE
|
2014-11-19
|
| 866525
|
|
ASan: Several tests cause use-after-poison [@ port_ArenaZeroAfterMark] through ASN1 decoder in NSS
|
NSS
|
Libraries
|
wtc
|
RESO
|
FIXE
|
2013-11-04
|
| 793863
|
|
Signaling code: crash in fsmdef_release
|
Core
|
WebRTC: Signaling
|
ethanhugg
|
RESO
|
FIXE
|
2012-12-08
|
| 801227
|
|
WebRTC crash [@mozilla::MediaManager::GetUserMedia]
|
Core
|
WebRTC
|
rjesup
|
RESO
|
FIXE
|
2014-11-19
|
| 834761
|
|
ASan Nightly builds failing "sendchange"
|
Release Engineering
|
General
|
catlee
|
RESO
|
FIXE
|
2018-05-08
|
| 748423
|
|
LDFLAGS should be honored when building NSS dylibs on Mac
|
NSS
|
Build
|
nobody
|
RESO
|
FIXE
|
2023-11-06
|
| 942794
|
|
global buffer overflow (read) at nsFloatManager::GetFlowArea, preceded by ###!!! ABORT: bad state: 'floatCount <= mFloats.Length()
|
Core
|
Layout: Floats
|
nobody
|
RESO
|
WORK
|
2022-11-05
|
| 798802
|
|
mixing webgl and 2d context causes crashes
|
Core
|
Graphics: Canvas2D
|
ajones
|
RESO
|
FIXE
|
2013-04-18
|
| 885539
|
|
Heap-use-after-free in nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyElements<mozilla::dom::HTMLImageElement*> >::Hdr()
|
Core
|
DOM: Core & HTML
|
amarchesini
|
RESO
|
FIXE
|
2014-07-24
|
| 1140804
|
|
Use After Free in WorkerPrivate::NotifyFeatures()
|
Core
|
DOM: Workers
|
amarchesini
|
RESO
|
FIXE
|
2017-03-29
|
| 1166924
|
|
Use After Free in CanonicalizeXPCOMParticipant
|
Core
|
DOM: Workers
|
amarchesini
|
RESO
|
FIXE
|
2017-03-29
|
| 1360992
|
|
AddressSanitizer: attempting double-free on 0x603000211990 in thread T33 (DOM Worker)
|
Core
|
DOM: Workers
|
amarchesini
|
RESO
|
FIXE
|
2017-05-09
|
| 788950
|
|
Heap-use-after-free in nsTextEditRules::WillInsert
|
Core
|
DOM: Editor
|
ayg
|
RESO
|
FIXE
|
2014-07-24
|
| 795708
|
|
Heap-use-after-free in nsEditor::FindNextLeafNode
|
Core
|
DOM: Editor
|
ayg
|
RESO
|
FIXE
|
2014-07-24
|
| 795804
|
|
Heap-use-after-free in nsTextEditorState::PrepareEditor
|
Core
|
DOM: Editor
|
ayg
|
RESO
|
FIXE
|
2014-07-24
|
| 805287
|
|
Heap-use-after-free in nsTextEditorState::PrepareEditor
|
Core
|
DOM: Editor
|
ayg
|
RESO
|
FIXE
|
2014-07-24
|
| 999274
|
|
Heap-use-after-free in mozilla::dom::workers::WorkerPrivateParent
|
Core
|
DOM: Workers
|
bent.mozilla
|
RESO
|
FIXE
|
2015-08-30
|
| 752221
|
|
Crash in XPCNativeScriptableInfo::GetFlags()
|
Core
|
DOM: Core & HTML
|
bholley
|
RESO
|
WORK
|
2019-03-13
|
| 786142
|
|
Heap-use-after-free in XPCWrappedNative::Mark
|
Core
|
XPConnect
|
bholley
|
RESO
|
FIXE
|
2014-07-24
|
| 789766
|
|
Heap-use-after-free in XPCWrappedNativeProto::GetScope
|
Core
|
XPConnect
|
bholley
|
RESO
|
WORK
|
2015-08-07
|
| 832646
|
|
Crash on invalid address in CalculateUTF8Size::write
|
Core
|
DOM: Core & HTML
|
bholley
|
RESO
|
FIXE
|
2019-03-13
|
| 832986
|
|
SEGV in CalculateUTF8Size::write
|
Core
|
DOM: Core & HTML
|
bholley
|
RESO
|
FIXE
|
2019-03-13
|
| 843923
|
|
ASAN: js/xpconnect/tests/unit/test_bug608142.js triggers heap-use-after-free error
|
Core
|
XPConnect
|
bholley
|
RESO
|
FIXE
|
2014-11-19
|
| 883301
|
|
ASAN use-after-free in JS_GetGlobalForScopeChain #2
|
Core
|
DOM: Core & HTML
|
bholley
|
RESO
|
DUPL
|
2019-03-13
|
| 886174
|
|
ASAN use-after-free in JS_GetGlobalForScopeChain #3
|
Core
|
DOM: Core & HTML
|
bholley
|
RESO
|
DUPL
|
2019-03-13
|
| 752902
|
|
Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased
|
Core
|
SVG
|
brian
|
RESO
|
FIXE
|
2016-12-01
|
| 775852
|
|
use after free, webgl fragment shader deleted by accessor
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
RESO
|
FIXE
|
2019-03-13
|
| 851781
|
|
Heap-use-after-free in nsContentUtils::RemoveScriptBlocker
|
Core
|
DOM: Core & HTML
|
bzbarsky
|
RESO
|
FIXE
|
2019-03-13
|
| 1191492
|
|
AddressSanitizer: heap-buffer-overflow during incremental GC
|
Core
|
JavaScript: GC
|
bzbarsky
|
RESO
|
FIXE
|
2020-02-28
|
| 1092363
|
|
Heap-buffer-overflow in nsTransformedTextRun::SetCapitalization
|
Core
|
CSS Parsing and Comp
|
cam
|
RESO
|
FIXE
|
2016-06-04
|
| 709483
|
|
Off-by-one in dom/base/nsDOMClassInfo.cpp
|
Core
|
DOM: Core & HTML
|
choller
|
RESO
|
FIXE
|
2019-03-13
|
| 709580
|
|
Out of bounds access in GfxInfoBase::GetFeatureStatusImpl
|
Core
|
Graphics
|
choller
|
RESO
|
DUPL
|
2011-12-28
|
| 741258
|
|
ASAN: unresolved symbols in libnssutil3.dylib
|
Core
|
Security
|
choller
|
RESO
|
FIXE
|
2012-04-30
|
| 746951
|
|
Avoid inlining js::MarkRangeConservatively with AddressSanitizer builds
|
Core
|
JavaScript Engine
|
choller
|
RESO
|
FIXE
|
2012-04-21
|
| 748727
|
|
Include AddressSanitizer blacklist file into the tree
|
Firefox Build System
|
General
|
choller
|
RESO
|
FIXE
|
2020-02-28
|
| 749588
|
|
jit_test.py address space limiting is incompatible to AddressSanitizer
|
Core
|
JavaScript Engine
|
choller
|
RESO
|
FIXE
|
2012-05-08
|
| 751412
|
|
Invalid stack memory access in double_conversion::StringBuilder::AddSubstring
|
Core
|
MFBT
|
choller
|
RESO
|
FIXE
|
2012-05-05
|
| 776556
|
|
Code Signing breaks ASan OSX builds
|
Firefox Build System
|
General
|
choller
|
RESO
|
FIXE
|
2018-03-02
|
| 782336
|
|
use after free in gfxTextRun::GetAdvanceWidth
|
Core
|
Graphics: Text
|
choller
|
RESO
|
WORK
|
2017-10-26
|
| 787916
|
|
ASan: mochitest-1 is extremely slow on try but not locally
|
Release Engineering
|
General
|
choller
|
RESO
|
FIXE
|
2013-08-12
|
| 797900
|
|
Disable certain crashtests under AddressSanitizer
|
Testing
|
Reftest
|
choller
|
RESO
|
FIXE
|
2013-01-22
|
| 832989
|
|
Disable TestPoisonArea test under ASan due to incompatibility
|
Core
|
Layout
|
choller
|
RESO
|
FIXE
|
2013-01-22
|
| 833018
|
|
ASan: Enable memory-saving options for tests when running on test slaves
|
Release Engineering
|
General
|
choller
|
RESO
|
FIXE
|
2013-08-12
|
| 857189
|
|
AddressSanitizer's SIGSEGV handler is incompatible with asm.js
|
Core
|
JavaScript Engine
|
choller
|
RESO
|
FIXE
|
2013-05-15
|
| 874527
|
|
Disable certain XUL crashtests under AddressSanitizer
|
Testing
|
Reftest
|
choller
|
RESO
|
WONT
|
2014-06-04
|
| 898484
|
|
ASan build bustage due to libstdc++ problems (GLIBCXX_3.4.14/15 referenced)
|
Firefox Build System
|
General
|
choller
|
RESO
|
FIXE
|
2018-03-02
|
| 902132
|
|
Disable some WebGL tests under ASan
|
Core
|
Graphics: CanvasWebG
|
choller
|
RESO
|
FIXE
|
2013-08-15
|
| 902157
|
|
ASAN: Add another memory-saving option for test slaves with 2-4 GB memory
|
Release Engineering
|
General
|
choller
|
RESO
|
FIXE
|
2018-05-08
|
| 905636
|
|
ASAN: Mark test_multipart_streamconv_missing_lead_boundary.js as failing
|
Core
|
Networking
|
choller
|
RESO
|
FIXE
|
2013-08-17
|
| 784600
|
|
Heap-use-after-free in nsIFrame::GetStyleContext
|
Core
|
Layout
|
chris
|
RESO
|
FIXE
|
2016-12-01
|
| 750820
|
|
Use-after-free in nsGlobalWindow::PageHidden
|
Core
|
DOM: Core & HTML
|
continuation
|
RESO
|
FIXE
|
2019-03-13
|
| 757023
|
|
Heap-use-after-free in XPCNativeScriptableInfo::Mark()
|
Core
|
XPConnect
|
continuation
|
RESO
|
DUPL
|
2012-09-23
|
| 765011
|
|
Global-buffer-overflow in XPCWrappedNativeProto::GetScriptableInfo
|
Core
|
XPConnect
|
continuation
|
RESO
|
DUPL
|
2012-09-23
|
| 776213
|
|
Heap-use-after-free in nsHTMLSelectElement::SubmitNamesValues
|
Core
|
DOM: Core & HTML
|
continuation
|
RESO
|
FIXE
|
2016-12-01
|
| 780979
|
|
Out-of-bounds-read in CharDistributionAnalysis::HandleOneChar
|
Core
|
Internationalization
|
continuation
|
RESO
|
FIXE
|
2013-04-30
|
| 801957
|
|
Heap-use-after-free in XPCNativeSet::Mark
|
Core
|
JavaScript Engine
|
continuation
|
RESO
|
FIXE
|
2014-07-24
|
| 827687
|
|
Out of bounds read [@ ElementAnimations::EnsureStyleRuleFor] with CSS animation
|
Core
|
CSS Parsing and Comp
|
dbaron
|
RESO
|
FIXE
|
2014-11-19
|
| 893308
|
|
Heap-use-after-free in nsAnimationManager::BuildAnimations
|
Core
|
Layout
|
dbaron
|
RESO
|
FIXE
|
2014-11-19
|
| 719779
|
|
AddressSanitizer heap-use-after-free READ of size 4
|
Core
|
SVG
|
dholbert
|
RESO
|
DUPL
|
2013-02-21
|
| 824862
|
|
Heap-use-after-free in nsCounterList::RecalcAll and "ASSERTION: Bit should never be set on generated content: '!frame || !frame->IsGeneratedContentFrame()", with display:flex, "overflow", and generated content
|
Core
|
Layout
|
dholbert
|
RESO
|
FIXE
|
2016-12-01
|
| 857841
|
|
SEGV crash in nsFrame::BoxReflow
|
Core
|
Layout
|
dholbert
|
RESO
|
DUPL
|
2015-06-17
|
| 883514
|
|
Global buffer overflow (read 4) at nsFloatManager::GetFlowArea() with multicol, list, floats
|
Core
|
Layout: Floats
|
dholbert
|
RESO
|
FIXE
|
2017-03-14
|
| 892017
|
|
ASan: xpcshell test security/manager/ssl/tests/unit/test_ocsp_stapling.js triggers stack-buffer-overflow
|
Core
|
Security: PSM
|
dkeeler
|
RESO
|
FIXE
|
2013-07-22
|
| 790503
|
|
On Mac Mini, defaultCalibration reads outside of sensors[]
|
Core
|
Hardware Abstraction
|
doug.turner
|
RESO
|
FIXE
|
2012-10-02
|
| 830132
|
|
Heap-use-after-free in nsINode::ReplaceOrInsertBefore
|
Core
|
DOM: Editor
|
dzbarsky
|
RESO
|
FIXE
|
2014-07-24
|
| 771976
|
|
Heap-use-after-free in mozSpellChecker::SetCurrentDictionary
|
Core
|
Spelling checker
|
ehsan.akhgari
|
RESO
|
FIXE
|
2016-12-01
|
| 772346
|
|
Heap-use-after-free in nsHTMLEditRules::DeleteNonTableElements
|
Core
|
DOM: Editor
|
ehsan.akhgari
|
RESO
|
FIXE
|
2014-07-24
|
| 785574
|
|
Heap-use-after-free in nsHTMLCSSUtils::CreateCSSPropertyTxn
|
Core
|
DOM: Editor
|
ehsan.akhgari
|
RESO
|
FIXE
|
2016-12-01
|
| 785720
|
|
Heap-buffer-overflow in nsHTMLEditor::IsPrevCharInNodeWhitespace
|
Core
|
MathML
|
ehsan.akhgari
|
RESO
|
FIXE
|
2016-12-01
|
| 874915
|
|
Heap-buffer-overflow READ in mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer
|
Core
|
Web Audio
|
ehsan.akhgari
|
RESO
|
FIXE
|
2016-12-01
|
| 876118
|
|
Heap-buffer-overflow WRITE in mozilla::AudioNodeStream::ObtainInputBlock
|
Core
|
Web Audio
|
ehsan.akhgari
|
RESO
|
FIXE
|
2014-07-24
|
| 876252
|
|
Heap-buffer-overflow READ in speex_resampler_process_float
|
Core
|
Web Audio
|
ehsan.akhgari
|
RESO
|
FIXE
|
2014-07-24
|
| 877125
|
|
Heap-buffer-overflow in mozilla::dom::OfflineDestinationNodeEngine::ProduceAudioBlock
|
Core
|
Web Audio
|
ehsan.akhgari
|
RESO
|
FIXE
|
2014-07-24
|
| 1158651
|
|
Global-buffer-overflow in nsTArray_Impl<mozilla::dom::OwningNonNull<nsINode>, nsTArrayInfallibleAllocator>::RemoveElementAt
|
Core
|
DOM: Editor
|
ehsan.akhgari
|
RESO
|
FIXE
|
2020-03-10
|
| 790929
|
|
WebRTC crash [@sdp_build_attr_from_str]
|
Core
|
WebRTC: Signaling
|
ethanhugg
|
RESO
|
FIXE
|
2013-04-18
|
| 790949
|
|
WebRTC crash [@sdp_getnextstrtok]
|
Core
|
WebRTC: Signaling
|
ethanhugg
|
RESO
|
FIXE
|
2013-04-18
|
| 791702
|
|
WebRTC crash [@sipsdp_write_to_buf]
|
Core
|
WebRTC: Signaling
|
ethanhugg
|
RESO
|
FIXE
|
2013-04-18
|
| 824960
|
|
WebRTC use-after-free crash [@mozilla::DataChannelConnection::SendOpenAckMessage]
|
Core
|
WebRTC: Audio/Video
|
ethanhugg
|
RESO
|
DUPL
|
2015-06-17
|
| 749620
|
|
Invalid stack memory access in CompareLexicographicInt32
|
Core
|
JavaScript Engine
|
evilpies
|
RESO
|
FIXE
|
2012-05-04
|
| 833127
|
|
TestStartupCache fails under ASan
|
Core
|
XPCOM
|
froydnj+bz
|
RESO
|
FIXE
|
2013-07-10
|
| 961394
|
|
MOZ_ASAN_BLACKLIST does not work with GCC ASAN
|
Core
|
MFBT
|
froydnj+bz
|
RESO
|
FIXE
|
2014-01-22
|
| 710688
|
|
ASan reports heap-use-after-free in JS::Value::isMarkable
|
Core
|
JavaScript Engine
|
general
|
RESO
|
DUPL
|
2014-02-12
|
| 732791
|
|
Use-after-free [@ js::mjit::Compiler::bytecodeInChunk] or Crash [@ js::GetBytecodeLength]
|
Core
|
JavaScript Engine
|
general
|
RESO
|
DUPL
|
2012-04-19
|
| 784368
|
|
"make package" broken in ASan builds (GC related ASan failure)
|
Core
|
JavaScript Engine
|
general
|
RESO
|
FIXE
|
2012-09-01
|
| 799438
|
|
IonMonkey: AddressSanitizer heap-use-after-free in [@ js::StackSegment::popCall] or Assertion failure: !used(), at ../ion/shared/Assembler-shared.h:234
|
Core
|
JavaScript Engine
|
general
|
RESO
|
WORK
|
2014-02-12
|
| 872565
|
|
ASM.js tests orange on AddressSanitizer TBPL builds
|
Core
|
JavaScript Engine
|
general
|
RESO
|
FIXE
|
2013-08-05
|
| 893739
|
|
OdinMonkey: Use-after-free [@ strlen] through [@ js::ScriptSource::setFilename]
|
Core
|
JavaScript Engine
|
general
|
RESO
|
DUPL
|
2016-10-11
|
| 957716
|
|
ASan use-after-free [@ js::Binding::name()] with setObjectMetadataCallback
|
Core
|
JavaScript Engine
|
general
|
RESO
|
DUPL
|
2014-01-14
|
| 853589
|
|
WebVTT crash [@parse_cueparams]
|
Core
|
Audio/Video
|
giles
|
RESO
|
FIXE
|
2016-06-04
|
| 879924
|
|
Non-null crash at nsCString::CharAt
|
Core
|
Audio/Video
|
giles
|
RESO
|
FIXE
|
2014-11-19
|
| 881066
|
|
heap-buffer-overflow (read) at mozilla::(anonymous namespace)::ReadUint8
|
Core
|
Audio/Video
|
giles
|
RESO
|
FIXE
|
2016-06-04
|
| 815795
|
|
stack buffer overflow with canvas
|
Core
|
Graphics: Canvas2D
|
gw
|
RESO
|
FIXE
|
2014-07-24
|
| 961859
|
|
Out of bounds read(4) in SelectionIterator::GetNextSegment
|
Core
|
Layout: Text and Fon
|
inferno
|
RESO
|
WORK
|
2015-02-22
|
| 765198
|
|
WebGL crash [@mozilla::WebGLContext::ReadPixels]
|
Core
|
Graphics: CanvasWebG
|
jacob.benoit.1
|
RESO
|
FIXE
|
2012-06-22
|
| 775234
|
|
out of bounds read when compiling webgl vertex shader with long identifier name
|
Core
|
Graphics: CanvasWebG
|
jacob.benoit.1
|
RESO
|
FIXE
|
2014-07-14
|
| 787827
|
|
use-after-free in webgl with resource overflow thing, llvmpipe atleast
|
Core
|
Graphics: CanvasWebG
|
jacob.benoit.1
|
RESO
|
DUPL
|
2019-09-06
|
| 790879
|
|
integer overflow, invalid write w/webgl bufferdata
|
Core
|
Graphics: CanvasWebG
|
jacob.benoit.1
|
RESO
|
FIXE
|
2016-12-01
|
| 802778
|
|
crash in copyTexImage2D with image dimensions too large for given level
|
Core
|
Graphics: CanvasWebG
|
jacob.benoit.1
|
RESO
|
FIXE
|
2014-07-24
|
| 816695
|
|
Blocklist LLvmpipe graphics driver
|
Core
|
Graphics
|
jacob.benoit.1
|
RESO
|
FIXE
|
2012-12-21
|
| 827106
|
|
freeing unallocated address with webgl
|
Core
|
Graphics: CanvasWebG
|
jacob.benoit.1
|
RESO
|
FIXE
|
2013-11-25
|
| 950390
|
|
AddressSanitizer Errors: attempting to call malloc_usable_size() for pointer which is not owned, and memory address is located 2032 bytes to the left of 0-byte region
|
Core
|
Graphics: ImageLib
|
jacob.benoit.1
|
RESO
|
WORK
|
2014-07-16
|
| 771318
|
|
Heap-use-after-free in nsWSAdmissionManager::OnStopSession
|
Core
|
Networking
|
jduell.mcbugs
|
RESO
|
FIXE
|
2016-12-01
|
| 729626
|
|
ASAN: heap-buffer-overflow in harfbuzz indic cluster machine
|
Core
|
Graphics
|
jfkthame
|
RESO
|
FIXE
|
2013-02-20
|
| 780959
|
|
Heap-buffer-overflow in BuildTextRunsScanner::FindBoundaries
|
Core
|
Layout: Text and Fon
|
jfkthame
|
RESO
|
FIXE
|
2016-12-01
|
| 804927
|
|
heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart
|
Core
|
Graphics
|
jfkthame
|
RESO
|
FIXE
|
2014-07-24
|
| 823925
|
|
Out of bounds read in BuildTextRunsScanner::FindBoundaries
|
Core
|
Layout: Text and Fon
|
jfkthame
|
RESO
|
WORK
|
2017-10-26
|
| 774207
|
|
Heap-buffer-overflow in mozilla::gfx::BoxBlurVertical
|
Core
|
Graphics
|
jmuizelaar
|
RESO
|
FIXE
|
2016-06-04
|
| 794471
|
|
Heap-use-after-free in mozilla::image::nsPNGDecoder::row_callback during WebGL conformance suite
|
Core
|
Graphics
|
joe
|
RESO
|
WORK
|
2022-06-01
|
| 840353
|
|
Heap-use-after-free in nsAsyncDOMEvent::Run
|
Core
|
DOM: Core & HTML
|
joe
|
RESO
|
FIXE
|
2019-03-13
|
| 890179
|
|
heap-buffer-overflow (write) at mozilla::image::nsPNGDecoder::row_callback
|
Core
|
Graphics: ImageLib
|
joe
|
RESO
|
FIXE
|
2014-07-24
|
| 773207
|
|
Heap-use-after-free in nsObjectLoadingContent::LoadObject
|
Core
|
DOM: Core & HTML
|
john
|
RESO
|
FIXE
|
2019-03-13
|
| 710479
|
|
ASan reports invalid read in PopOffPrec
|
Core
|
JavaScript Engine
|
jorendorff
|
RESO
|
FIXE
|
2012-05-16
|
| 788959
|
|
Heap-use-after-free in imgRequest::OnStopFrame
|
Core
|
Graphics: ImageLib
|
josh
|
RESO
|
FIXE
|
2016-12-01
|
| 801366
|
|
out-of-bounds-read in mozilla::image::RasterImage::DrawFrameTo
|
Core
|
Graphics: ImageLib
|
josh
|
RESO
|
FIXE
|
2014-11-19
|
| 819843
|
|
Heap-use-after-free in nsHttpConnection::SetSecurityCallbacks
|
Core
|
Networking: HTTP
|
josh
|
RESO
|
WORK
|
2014-11-19
|
| 783502
|
|
xpcshell test netwerk/test/unit/test_MIME_params.js fails on AddressSanitizer
|
Core
|
Networking
|
julian.reschke
|
RESO
|
FIXE
|
2013-01-10
|
| 804041
|
|
Heap-use-after-free in mozilla::image::DiscardTracker::DiscardNow
|
Core
|
Graphics: ImageLib
|
justin.lebar+bug
|
RESO
|
DUPL
|
2015-06-17
|
| 827689
|
|
Heap-buffer-overflow in LossyConvertEncoding8to16::write_sse2
|
Core
|
XPCOM
|
justin.lebar+bug
|
RESO
|
DUPL
|
2015-06-17
|
| 831090
|
|
crash @Worker::SetEventListener with Worker and __proto__
|
Core
|
JavaScript Engine
|
jwalden
|
RESO
|
DUPL
|
2016-10-11
|
| 926401
|
|
ASan heap-buffer-overflow with BinaryData
|
Core
|
JavaScript Engine
|
jwalden
|
RESO
|
FIXE
|
2015-02-25
|
| 780963
|
|
invalid cast with svg feImage
|
Core
|
SVG
|
jwatt
|
RESO
|
FIXE
|
2014-07-24
|
| 787722
|
|
Heap-buffer-overflow in Convolve3x3
|
Core
|
SVG
|
jwatt
|
RESO
|
FIXE
|
2014-07-24
|
| 795592
|
|
invalid cast leading to out of bounds read in nsSVGUtils::GetCanvasTM
|
Core
|
SVG
|
jwatt
|
RESO
|
FIXE
|
2014-07-24
|
| 795734
|
|
Out of bounds READ in nsRegion::Or
|
Core
|
SVG
|
jwatt
|
RESO
|
FIXE
|
2014-07-24
|
| 795740
|
|
Heap-buffer-overflow in nsMappedAttributes::GetAttr
|
Core
|
SVG
|
jwatt
|
RESO
|
DUPL
|
2014-07-14
|
| 798010
|
|
segfault with svg and markers
|
Core
|
SVG
|
jwatt
|
RESO
|
DUPL
|
2014-07-14
|
| 745548
|
|
Nickname race in PK11_ImportCert (potential heap-use-after-free in nssUTF8_Duplicate)
|
NSS
|
Libraries
|
kaie
|
RESO
|
FIXE
|
2014-06-27
|
| 792305
|
|
Heap-buffer-overflow in nsWindow::OnExposeEvent
|
Core
|
Widget: Gtk
|
karlt
|
RESO
|
FIXE
|
2016-12-01
|
| 803762
|
|
Invalid write in MakeBigReq memmove XRenderCompositeTrapezoids
|
Core
|
Graphics
|
karlt
|
RESO
|
WORK
|
2016-11-02
|
| 831095
|
|
Use-After-Free crash @xul!nsImageLoadingContent::OnStopContainer
|
Core
|
DOM: Core & HTML
|
khuey
|
RESO
|
FIXE
|
2019-03-13
|
| 826104
|
|
Crash in MediaDecoder::UpdatePlaybackOffset
|
Core
|
Audio/Video
|
kinetik
|
RESO
|
FIXE
|
2020-05-27
|
| 711653
|
|
SVGFilter out of bounds read (Address Sanitizer)
|
Core
|
SVG
|
longsonr
|
RESO
|
FIXE
|
2016-02-21
|
| 786895
|
|
Heap-use-after-free in DOMSVGTests::GetRequiredFeatures
|
Core
|
SVG
|
longsonr
|
RESO
|
FIXE
|
2014-07-24
|
| 760975
|
|
Heap-buffer-overflow in nsAutoCompleteController::ProcessResult
|
Toolkit
|
Autocomplete
|
mak
|
RESO
|
WORK
|
2015-10-16
|
| 764541
|
|
Crash in BidiParagraphData::PushBidiControl
|
Core
|
Layout: Text and Fon
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2012-07-19
|
| 765621
|
|
Out of bounds read in IsCSSWordSpacingSpace
|
Core
|
Layout: Block and In
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-07-22
|
| 774548
|
|
Heap-buffer-overflow in nsBlockFrame::MarkLineDirty
|
Core
|
Layout: Block and In
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2016-12-01
|
| 777578
|
|
Heap-use-after-free in PresShell::CompleteMove
|
Core
|
DOM: Selection
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2016-12-01
|
| 783041
|
|
out-of-bounds read when blurring
|
Core
|
Graphics
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-07-14
|
| 785555
|
|
Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries
|
Core
|
Layout: Text and Fon
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-07-18
|
| 785753
|
|
Global-buffer-overflow in nsCharTraits::length
|
Core
|
Networking
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-07-24
|
| 798691
|
|
Heap-use-after-free in nsDisplayBoxShadowOuter::Paint
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2018-08-29
|
| 798853
|
|
Heap-use-after-free in gfxFont::GetFontEntry
|
Core
|
Graphics: Text
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-07-24
|
| 801330
|
|
out-of-bounds-read in nsCodingStateMachine::NextState
|
Core
|
Internationalization
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-11-19
|
| 802902
|
|
Heap-use-after-free in nsViewManager::ProcessPendingUpdates
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-07-24
|
| 806483
|
|
Heap-use-after-free (read) nsIFrame::GetStyleContext
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2016-12-01
|
| 812893
|
|
Heap-use-after-free in nsOverflowContinuationTracker::Finish, with -moz-columns
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2016-12-01
|
| 814713
|
|
Heap-use-after-free in TableBackgroundPainter::TableBackgroundData::Destroy
|
Core
|
Layout: Tables
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2016-12-01
|
| 815489
|
|
OOB write relating to mozilla::gfx::AlphaBoxBlur::Blur
|
Core
|
Graphics
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-07-24
|
| 821126
|
|
Heap-use-after-free in nsFrameList::InsertFrames
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
DUPL
|
2014-11-19
|
| 821479
|
|
Out-of-bounds read crash in PropertyProvider::GetSpacingInternal
|
Core
|
Layout: Text and Fon
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-11-19
|
| 827070
|
|
Heap-buffer-overflow WRITE in nsSaveAsCharset::DoCharsetConversion
|
Core
|
Internationalization
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-07-16
|
| 850931
|
|
Heap-use-after-free in nsFrameList::FirstChild
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2014-07-24
|
| 898871
|
|
ASAN heap-use-after-free in mozilla::layout::ScrollbarActivity
|
Core
|
Layout: Images, Vide
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2019-12-09
|
| 938341
|
|
heap-use-after-free in libxul.so!nsEventListenerManager::HandleEventSubType
|
Core
|
DOM: UI Events & Foc
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2019-03-13
|
| 947158
|
|
Use-after-poison in nsLineLayout::RelativePositionFrames
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2015-10-16
|
| 964078
|
|
global-buffer-overflow (read) at CJKIdeographicToText
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2015-11-25
|
| 1105938
|
|
Global-buffer-overflow in CSSParserImpl::ParseDeclaration
|
Core
|
CSS Parsing and Comp
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2016-06-04
|
| 1143299
|
|
Heap-use-after-free in UnhookTextRunFromFrames
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2016-12-01
|
| 1153478
|
|
heap-use-after-free in SetBreaks
|
Core
|
Layout: Text and Fon
|
MatsPalmgren_bugz
|
RESO
|
FIXE
|
2017-03-29
|
| 1161393
|
|
heap-use-after-free in GetDocument
|
Core
|
Layout
|
MatsPalmgren_bugz
|
RESO
|
WORK
|
2017-01-23
|
| 1239917
|
|
Global-buffer-overflow in nsComputedDOMStyle::AppendGridLineNames
|
Core
|
CSS Parsing and Comp
|
MatsPalmgren_bugz
|
RESO
|
DUPL
|
2016-02-22
|
| 775228
|
|
use-after-free when loading html file on osx
|
Core
|
Graphics
|
matt.woodrow
|
RESO
|
FIXE
|
2016-12-01
|
| 795899
|
|
Heap-use-after-free in mozilla::layers::ContainerLayer::ComputeEffectiveTransformsForChildren
|
Core
|
Layout
|
matt.woodrow
|
RESO
|
FIXE
|
2017-05-09
|
| 850672
|
|
use-after-poison with tables, -moz-perspective and transform [@ OverflowChangedTracker::Flush]
|
Core
|
Layout
|
matt.woodrow
|
RESO
|
FIXE
|
2014-07-16
|
| 750932
|
|
ASAN: Test test_multipart_streamconv_missing_lead_boundary.js triggers error
|
Core
|
Networking
|
mcmanus
|
RESO
|
FIXE
|
2014-11-19
|
| 777838
|
|
use-after-free with columns, first-letter and first-line
|
Core
|
Layout: Text and Fon
|
miaubiz
|
RESO
|
DUPL
|
2013-11-12
|
| 845125
|
|
Mac: Crash when printing csptesting.herokuapp.com to PDF w/ heap-use-after-free
|
Core
|
Graphics
|
milaninbugzilla
|
RESO
|
FIXE
|
2016-12-01
|
| 787717
|
|
ASAN: Test netwerk/test/unit/test_permmgr.js triggers error
|
Core
|
Networking: Cookies
|
mounir
|
RESO
|
FIXE
|
2012-11-07
|
| 851353
|
|
compartment mismatch in nsXBLBinding::DoInitJSClass
|
Core
|
XBL
|
mrbkap
|
RESO
|
FIXE
|
2014-11-19
|
| 916404
|
|
Heap-use-after-free in nsContentUtils::ContentIsHostIncludingDescendantOf
|
Core
|
DOM: Core & HTML
|
mrbkap
|
RESO
|
FIXE
|
2019-03-13
|
| 961517
|
|
Heap-use-after-free in mozilla::gfx::(anonymous namespace)::PowCache::Pow
|
Core
|
Graphics
|
mstange.moz
|
RESO
|
DUPL
|
2016-10-14
|
| 963086
|
|
heap-use-after-free (read) at mozilla::PodCopy
|
Core
|
Graphics
|
mstange.moz
|
RESO
|
FIXE
|
2015-02-25
|
| 828903
|
|
UAF in xul!mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
|
Core
|
Layout
|
mwobensmith
|
RESO
|
DUPL
|
2014-10-24
|
| 906100
|
|
Intermittent failures in tests that list sources, but don't call gc() after adding test globals
|
DevTools
|
Debugger
|
nfitzgerald
|
RESO
|
FIXE
|
2018-06-13
|
| 833604
|
|
UAF with transform and fixed position
|
Core
|
Layout: Block and In
|
nils
|
RESO
|
DUPL
|
2014-07-16
|
| 949198
|
|
ASan use-after-free [@ JSContext::runtime()] with TypedObject
|
Core
|
JavaScript Engine
|
nmatsakis
|
RESO
|
DUPL
|
2016-10-11
|
| 718227
|
|
Crash [@ js::ctypes::ConvertToJS] with test dom/ipc/tests/test_process_error.xul under Valgrind
|
Core
|
js-ctypes
|
nobody
|
RESO
|
INVA
|
2012-01-15
|
| 724587
|
|
svg files report out of bound reads with asan:
|
Core
|
SVG
|
nobody
|
RESO
|
DUPL
|
2014-05-05
|
| 736585
|
|
ASAN: nsCSSRendering::DrawTableBorderSegment
|
Core
|
Layout: Tables
|
nobody
|
RESO
|
WORK
|
2017-10-26
|
| 737987
|
|
ASAN: use-after-free during startup.
|
Core
|
XPConnect
|
nobody
|
RESO
|
INAC
|
2018-05-24
|
| 745679
|
|
Heap-use-after-free in indexedDB::IDBKeyRange::cycleCollection::Trace
|
Firefox
|
Untriaged
|
nobody
|
RESO
|
DUPL
|
2012-05-18
|
| 750988
|
|
ASAN: Several xpcshell tests in url-classifier triggers error
|
Core
|
XPConnect
|
nobody
|
RESO
|
DUPL
|
2012-11-04
|
| 752316
|
|
Heap-buffer-overflow in nsClipboard::GetData
|
Core
|
Widget: Gtk
|
nobody
|
RESO
|
INCO
|
2012-07-12
|
| 757905
|
|
segfault in DeadlockDetector from cubeb_alsa
|
Core
|
XPCOM
|
nobody
|
RESO
|
WORK
|
2012-07-05
|
| 765161
|
|
WebGL crash when empty string is passed to getUniformLocation, getAttribLocation or bindAttribLocation [@mozilla::WebGLProgram::MapIdentifier] (dupe)
|
Core
|
Graphics: CanvasWebG
|
nobody
|
RESO
|
DUPL
|
2012-07-31
|
| 765585
|
|
Heap-use-after-free in js::GCThingIsMarkedGray involving DOM events
|
Core
|
DOM: Events
|
nobody
|
RESO
|
INCO
|
2016-06-04
|
| 765711
|
|
Heap-use-after-free in nsFrameList::RemoveFirstChild
|
Core
|
Layout: Block and In
|
nobody
|
RESO
|
DUPL
|
2014-05-05
|
| 766255
|
|
Stack-buffer-overflow when doing XMLHttpRequest
|
Core
|
DOM: Core & HTML
|
nobody
|
RESO
|
WORK
|
2019-03-13
|
| 784918
|
|
Heap-use-after-free in nsHTMLMediaElement::CaptureStreamInternal
|
Core
|
Audio/Video
|
nobody
|
RESO
|
FIXE
|
2016-12-01
|
| 787715
|
|
ASAN: Crashtest content/xul/templates/src/crashtests/329335-1.xul triggers error
|
Core
|
XUL
|
nobody
|
RESO
|
WORK
|
2017-10-26
|
| 790252
|
|
out of bounds read in gfxTextRun::ShrinkToLigatureBoundaries
|
Core
|
Layout: Text and Fon
|
nobody
|
RESO
|
WORK
|
2018-07-02
|
| 790502
|
|
Heap-use-after-free in gfxSkipCharsIterator::SetOffsets
|
Core
|
Layout: Text and Fon
|
nobody
|
RESO
|
WORK
|
2017-10-26
|
| 791534
|
|
Heap-use-after-free in DocumentViewerImpl::SetBounds
|
Firefox
|
General
|
nobody
|
RESO
|
DUPL
|
2014-05-05
|
| 791905
|
|
Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas
|
Core
|
Graphics: CanvasWebG
|
nobody
|
RESO
|
FIXE
|
2014-07-24
|
| 794139
|
|
WebRTC crash [@definite_length_decoder]
|
Core
|
WebRTC: Signaling
|
nobody
|
RESO
|
DUPL
|
2014-05-05
|
| 795750
|
|
Heap-use-after-free in HttpBaseChannel::SetNotificationCallbacks
|
Core
|
Audio/Video
|
nobody
|
RESO
|
FIXE
|
2014-07-24
|
| 798293
|
|
ASan builds broken by WebRTC (error: visibility does not match previous declaration)
|
Core
|
WebRTC
|
nobody
|
RESO
|
DUPL
|
2012-10-05
|
| 802599
|
|
Assertion failure: false, at toolkit/components/places/AsyncFaviconHelpers.cpp:527 Crash [@ AsyncFetchAndSetIconForPage] or use-after-free across threads
|
Toolkit
|
Places
|
nobody
|
RESO
|
WORK
|
2014-02-12
|
| 805279
|
|
WebRTC crash [@webrtc::Trace::Add]
|
Core
|
WebRTC
|
nobody
|
RESO
|
FIXE
|
2013-11-25
|
| 807891
|
|
Out-of-bounds read in PropertyProvider::GetSpacingInternal
|
Core
|
Layout: Text and Fon
|
nobody
|
RESO
|
WORK
|
2017-11-15
|
| 813435
|
|
Heap-use-after-free in mozilla::MediaDecoderStateMachine::StopAudioThread
|
Core
|
Audio/Video
|
nobody
|
RESO
|
FIXE
|
2016-12-01
|
| 824536
|
|
Out of bound read in MOZ_PNG_combine_row
|
Core
|
Graphics: ImageLib
|
nobody
|
RESO
|
FIXE
|
2016-06-04
|
| 833895
|
|
UAF with backfaceVisibility='hidden' and position=fixed
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2013-05-12
|
| 850951
|
|
Heap-use-after-free in imgStatusTracker::OnStopRequest
|
Core
|
Graphics: ImageLib
|
nobody
|
RESO
|
FIXE
|
2014-07-16
|
| 851553
|
|
Crash when deleting multiple profiles
|
Core
|
General
|
nobody
|
RESO
|
DUPL
|
2015-02-13
|
| 854086
|
|
WebVTT crash [@mozilla::dom::WebVTTLoadListener::ConvertNodeToCueTextContent]
|
Core
|
Audio/Video
|
nobody
|
RESO
|
WORK
|
2013-09-30
|
| 864008
|
|
ASan: conformance/textures/gl-teximage.html fails with "attempting to call malloc_usable_size() for pointer which is not owned"
|
Core
|
Graphics: ImageLib
|
nobody
|
RESO
|
FIXE
|
2013-06-10
|
| 865921
|
|
use-after-poison during launch while initializing NSS
|
NSS
|
Libraries
|
nobody
|
RESO
|
FIXE
|
2013-05-02
|
| 883938
|
|
ASAN heap-use-after-free in mozilla::StreamBuffer::FindTrack
|
Core
|
Web Audio
|
nobody
|
RESO
|
DUPL
|
2013-08-27
|
| 888700
|
|
heap-use-after-free at nsTArray_Impl::IndexOf
|
Core
|
DOM: Core & HTML
|
nobody
|
RESO
|
DUPL
|
2019-03-13
|
| 899802
|
|
Heap-use-after-free in Mesa swrast_dri.so, in test_webgl_conformance_test_suite.html
|
Core
|
Graphics: CanvasWebG
|
nobody
|
RESO
|
INCO
|
2018-11-27
|
| 903450
|
|
heap-buffer-overflow on startup
|
Core
|
General
|
nobody
|
RESO
|
WORK
|
2013-08-28
|
| 931368
|
|
ASAN "heap-buffer-overflow" in BufferUnrotate (out of bounds read)
|
Core
|
Graphics: Layers
|
nobody
|
RESO
|
INCO
|
2016-06-04
|
| 960160
|
|
AddressSanitizer: attempting to call malloc_usable_size() for pointer which is not owned (content/media/test/test_playback_rate.html)
|
Core
|
Graphics: ImageLib
|
nobody
|
RESO
|
INVA
|
2014-03-24
|
| 988380
|
|
AddressSanitizer: heap-buffer-overflow via [@ GetImapHostName]
|
MailNews Core
|
Networking: IMAP
|
nobody
|
RESO
|
INCO
|
2020-01-09
|
| 995636
|
|
SEGV in in HasProperty
|
Core
|
CSS Parsing and Comp
|
nobody
|
RESO
|
DUPL
|
2016-10-14
|
| 1018700
|
|
AddressSanitizer: stack-buffer-overflow [@ JSScript::code]
|
Core
|
JavaScript Engine
|
nobody
|
RESO
|
WORK
|
2017-11-15
|
| 1021928
|
|
Intermittent use-after-free in IsClosed
|
Core
|
WebRTC: Signaling
|
nobody
|
RESO
|
WORK
|
2015-08-07
|
| 1064519
|
|
Intermittent AddressSanitizer: heap-use-after-free content/media/../../dist/include/nsAutoPtr.h:1017 in test_mediaDecoding.html
|
Core
|
Audio/Video
|
nobody
|
RESO
|
DUPL
|
2015-08-07
|
| 1155060
|
|
use-after-poison at StyleDisplay
|
Core
|
Layout: Floats
|
nobody
|
RESO
|
DUPL
|
2023-05-22
|
| 1168276
|
|
Intermittent browser_bug703210.js | AddressSanitizer: SEGV on unknown address 0x000000000008 in js::ctypes::ConvertToJS
|
Core
|
js-ctypes
|
nobody
|
RESO
|
DUPL
|
2015-06-25
|
| 1196400
|
|
Mozilla Firefox Use-After-Free (ASAN included)
|
Core
|
Graphics
|
nobody
|
RESO
|
DUPL
|
2016-11-02
|
| 821737
|
|
Heap-use-after-free in nsThread::PutEvent
|
Core
|
Audio/Video
|
padenot
|
RESO
|
FIXE
|
2016-12-01
|
| 846612
|
|
Heap-buffer-overflow in soundtouch::TDStretchSSE::calcCrossCorr
|
Core
|
Audio/Video
|
padenot
|
RESO
|
FIXE
|
2016-12-01
|
| 871577
|
|
Stack buffer overflow in mozilla::AudioChannelsDownMix(nsTArray<void const*> const&, float**, unsigned int, unsigned int)
|
Core
|
Web Audio
|
padenot
|
RESO
|
DUPL
|
2016-10-11
|
| 901265
|
|
Out of bounds read due to misalignment in resampler_basic_direct_single
|
Core
|
Web Audio
|
padenot
|
RESO
|
WONT
|
2017-05-19
|
| 1064117
|
|
intermittent AddressSanitizer: heap-use-after-free content/media/../../dist/include/nsAutoPtr.h:1017 get
|
Core
|
WebRTC: Audio/Video
|
padenot
|
RESO
|
FIXE
|
2020-02-28
|
| 762280
|
|
use after free in js::gc::MapAllocToTraceKind
|
Core
|
DOM: Core & HTML
|
peterv
|
RESO
|
FIXE
|
2019-03-13
|
| 876316
|
|
Heap-use-after-free in GetPropertyDescriptorById
|
Core
|
DOM: Core & HTML
|
peterv
|
RESO
|
DUPL
|
2019-03-13
|
| 883313
|
|
ASAN heap-use-after-free in nsINode::GetParentNode
|
Core
|
DOM: Core & HTML
|
peterv
|
RESO
|
FIXE
|
2014-11-19
|
| 914017
|
|
Stack-buffer-overflow in txXPathNodeUtils::getBaseURI
|
Core
|
XSLT
|
peterv
|
RESO
|
FIXE
|
2015-02-25
|
| 886842
|
|
Add clang trunk builds for ASan
|
Release Engineering
|
General
|
rail
|
RESO
|
FIXE
|
2018-05-08
|
| 772046
|
|
ASan builds broken by WebRTC (Linker relocation error)
|
Core
|
WebRTC
|
respindola
|
RESO
|
FIXE
|
2012-07-27
|
| 839338
|
|
ASan alloc/dealloc mismatch in _M_create_nodes/_M_destroy_nodes
|
Core
|
MFBT
|
respindola
|
RESO
|
FIXE
|
2013-04-17
|
| 792068
|
|
WebRTC crash [@sctp_getopt]
|
Core
|
WebRTC: Signaling
|
rjesup
|
RESO
|
FIXE
|
2013-04-18
|
| 774597
|
|
Heap-use-after-free in MediaStreamGraphThreadRunnable::Run()
|
Core
|
Audio/Video
|
roc
|
RESO
|
FIXE
|
2016-12-01
|
| 780534
|
|
Heap-use-after-free in MediaStream::Init
|
Core
|
Audio/Video
|
roc
|
RESO
|
WORK
|
2017-10-26
|
| 787831
|
|
Heap-use-after-free in mozilla::TrackUnionStream::EndTrack
|
Core
|
Audio/Video
|
roc
|
RESO
|
FIXE
|
2020-05-24
|
| 790854
|
|
Invalid write [@ mozilla::MediaStream::Destroy] with mozCaptureStream, onloadedmetadata
|
Core
|
Audio/Video
|
roc
|
RESO
|
FIXE
|
2013-01-16
|
| 816359
|
|
Heap-use-after-free in nsFrameSelection::cycleCollection::TraverseImpl
|
Core
|
Layout
|
roc
|
RESO
|
FIXE
|
2014-07-24
|
| 824453
|
|
Heap-use-after-free in mozilla::MediaStreamGraphImpl::FinishStream
|
Core
|
Audio/Video
|
roc
|
RESO
|
WORK
|
2017-10-26
|
| 824971
|
|
Heap-use-after-free in mozilla::MediaInputPort::Disconnect
|
Core
|
Audio/Video
|
roc
|
RESO
|
WORK
|
2017-10-26
|
| 830138
|
|
Heap-use-after-free in nsFrameSelection::cycleCollection::TraverseImpl
|
Core
|
Layout
|
roc
|
RESO
|
DUPL
|
2014-07-16
|
| 830192
|
|
Out of bounds read in nsCellMap::GetRowSpanForNewCell
|
Core
|
Layout: Tables
|
roc
|
RESO
|
FIXE
|
2014-07-24
|
| 876092
|
|
out of bounds stack read in mozilla::DisplayItemClip::IntersectWith
|
Core
|
Layout
|
roc
|
RESO
|
FIXE
|
2014-07-18
|
| 876221
|
|
ASAN stack-buffer-overflow in mozilla::DisplayItemClip::IntersectWith
|
Core
|
Layout
|
roc
|
RESO
|
FIXE
|
2014-11-03
|
| 794025
|
|
AddressSanitizer heap-use-after-free in [@ js::mjit::CallCompiler::generateNativeStub]
|
Core
|
JavaScript Engine
|
sean.stangl
|
RESO
|
FIXE
|
2020-02-28
|
| 771961
|
|
Heap-use-after-free in nsEditor::RemoveContainer
|
Core
|
DOM: Editor
|
smaug
|
RESO
|
FIXE
|
2016-12-01
|
| 787704
|
|
use-after-free in nsIContent::GetNameSpaceID
|
Core
|
XUL
|
smaug
|
RESO
|
FIXE
|
2019-01-16
|
| 790856
|
|
Window resize accessed a dangling DocumentViewerImpl
|
Core
|
DOM: Navigation
|
smaug
|
RESO
|
FIXE
|
2013-01-10
|
| 798677
|
|
Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent
|
Core
|
DOM: Editor
|
smaug
|
RESO
|
FIXE
|
2014-07-24
|
| 821991
|
|
[FIX] Heap-use-after-free in nsPrintEngine::CommonPrint
|
Core
|
Printing: Setup
|
smaug
|
RESO
|
FIXE
|
2017-05-09
|
| 865076
|
|
Heap-use-after-free in nsAttrAndChildArray::GetAttr
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
| 906301
|
|
Memory corruption in nsGfxScrollFrameInner::IsLTR()
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
| 915210
|
|
ASAN heap-use-after-free in nsIPresShell::GetPresContext() with canvas, onresize and mozTextStyle
|
Core
|
Graphics: Canvas2D
|
smaug
|
RESO
|
FIXE
|
2015-02-25
|
| 916576
|
|
[FIX] ASAN use-after-free in nsIOService::NewChannelFromURIWithProxyFlags with Blob URL
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
| 916685
|
|
ASAN use-after free in GC allocation in nsEventListenerManager::SetEventHandler
|
Core
|
DOM: Events
|
smaug
|
RESO
|
FIXE
|
2015-02-25
|
| 918864
|
|
[FIX] Heap-use-after-free in nsDocLoader::doStopDocumentLoad()
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
| 926361
|
|
ASAN use-after-free in nsNodeUtils::LastRelease on anonymous node from ShowInlineTableEditingUI
|
Core
|
DOM: Editor
|
smaug
|
RESO
|
FIXE
|
2015-02-25
|
| 767765
|
|
Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2016-12-01
|
| 815477
|
|
Heap-use-after-free in mozilla::WalkAncestorsResetAutoDirection
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2013-11-26
|
| 815500
|
|
Heap-use-after-free in mozilla::RecomputeDirectionality
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2014-07-24
|
| 816253
|
|
Heap-use-after-free in nsINode::GetBoolFlag
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2014-07-24
|
| 818454
|
|
Out of Bounds Read in SelectionIterator::GetNextSegment
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2014-11-20
|
| 819014
|
|
Use-after-free in nsINode::GetBoolFlag
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2014-07-24
|
| 826163
|
|
Out-of-bound read in gfxSkipCharsIterator::SetOffsets
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2013-11-26
|
| 827190
|
|
Heap-use-after-free in mozilla::ResetDir
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2014-07-24
|
| 830098
|
|
Heap-use-after-free in mozilla::WalkAncestorsResetAutoDirection
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2013-11-26
|
| 831287
|
|
Heap-use-after-free in mozilla::WalkAncestorsResetAutoDirection
|
Core
|
Layout
|
smontagu
|
RESO
|
FIXE
|
2014-07-24
|
| 832644
|
|
Heap-use-after-free in mozilla::ResetDir
|
Core
|
Layout
|
smontagu
|
RESO
|
FIXE
|
2013-11-26
|
| 838489
|
|
Remaining dir=auto use after frees
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2014-07-24
|
| 845093
|
|
Remaining dir=auto use after frees: the sequel
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2014-07-24
|
| 849727
|
|
Heap-use-after-free in mozilla::ResetDir
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2016-12-01
|
| 849732
|
|
Heap-use-after-free in mozilla::WalkAncestorsResetAutoDirection
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2016-12-01
|
| 859014
|
|
Remaining dir=auto issues (1): Heap-use-after-free in mozilla::ResetDir
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2014-07-24
|
| 859016
|
|
Remaining dir=auto issues (2): Heap-use-after-free in mozilla::WalkAncestorsResetAutoDirection
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2014-07-24
|
| 876155
|
|
Heap-use-after-free in mozilla::ResetDir
|
Core
|
Layout: Text and Fon
|
smontagu
|
RESO
|
FIXE
|
2016-12-01
|
| 1120655
|
|
Make the analysis detect compartment iterator invalidation
|
Core
|
JavaScript: GC
|
sphink
|
RESO
|
FIXE
|
2016-07-02
|
| 874486
|
|
ASAN: Crashtest layout/xul/tree/crashtests/409807-1.xul triggers error
|
Core
|
XUL
|
spohl.mozilla.bugs
|
RESO
|
FIXE
|
2014-05-05
|
| 827426
|
|
ASan: Out-of-bounds read [@ LossyConvertEncoding8to16::write_sse2] with test_undoManager.html
|
Core
|
DOM: Core & HTML
|
william
|
RESO
|
FIXE
|
2013-11-25
|
| 1135534
|
|
Heap-use-after-free in UnlockEnumerator
|
Core
|
CSS Parsing and Comp
|
xidorn+moz
|
RESO
|
FIXE
|
2017-03-29
|
| 1141919
|
|
Heap-use-after-free in UnhookTextRunFromFrames
|
Core
|
Layout: Text and Fon
|
xidorn+moz
|
RESO
|
FIXE
|
2017-03-29
|
| 1143535
|
|
Stack-buffer-overflow in nsCSSFrameConstructor::InterpretRubyWhitespace
|
Core
|
Layout
|
xidorn+moz
|
RESO
|
FIXE
|
2017-03-29
|
| 792811
|
|
Crash in ASan-ized unit tests in ssl_ConfigSecureServer
|
Core
|
WebRTC: Networking
|
ekr
|
VERI
|
FIXE
|
2013-04-18
|
| 828147
|
|
WebRTC use-after-free crash [@nr_ice_candidate_pair_set_state]
|
Core
|
WebRTC: Networking
|
jib
|
VERI
|
FIXE
|
2013-11-25
|
| 771873
|
|
Heap-use-after-free in RangeData::~RangeData
|
Core
|
DOM: Selection
|
ayg
|
VERI
|
FIXE
|
2016-12-01
|
| 771994
|
|
Heap-use-after-free in nsRangeUpdater::SelAdjDeleteNode
|
Core
|
DOM: Editor
|
ayg
|
VERI
|
FIXE
|
2016-12-01
|
| 778428
|
|
Heap-use-after-free in nsHTMLEditor::CollapseAdjacentTextNodes
|
Core
|
DOM: Editor
|
ayg
|
VERI
|
FIXE
|
2016-12-01
|
| 861841
|
|
Assertion failure: !done(), at ../jsscript.h:1045 or Use-after-free [@ js::BindingIter::operator->()] or Crash [@ getSlotAddressUnchecked]
|
Core
|
JavaScript Engine
|
bhackett1024
|
VERI
|
FIXE
|
2014-05-05
|
| 882897
|
|
ASAN use-after-free in JS_GetGlobalForScopeChain
|
Core
|
DOM: Core & HTML
|
bholley
|
VERI
|
FIXE
|
2019-03-13
|
| 720103
|
|
ASAN: heap-use-after-free READ of size 8 at nsSMILTimeValueSpec::ConvertBetweenTimeContainers
|
Core
|
SVG
|
brian
|
VERI
|
FIXE
|
2017-05-09
|
| 928798
|
|
Heap-buffer-overflow in nsSVGTextFrame2::ResolvePositions
|
Core
|
SVG
|
cam
|
VERI
|
FIXE
|
2015-02-25
|
| 1046534
|
|
Heap-use-after-free in mozilla::css::SheetLoadData::ScheduleLoadEventIfNeeded
|
Core
|
CSS Parsing and Comp
|
cam
|
VERI
|
FIXE
|
2015-05-07
|
| 728674
|
|
Use-after-free [@ js::mjit::Compiler::bytecodeInChunk]
|
Core
|
JavaScript Engine
|
choller
|
VERI
|
FIXE
|
2017-05-09
|
| 749860
|
|
Heap-use-after-free in nsBorderColors
|
Core
|
CSS Parsing and Comp
|
dbaron
|
VERI
|
FIXE
|
2017-05-09
|
| 765218
|
|
Out of bounds read in ElementAnimations::EnsureStyleRuleFor
|
Core
|
CSS Parsing and Comp
|
dbaron
|
VERI
|
FIXE
|
2012-07-20
|
| 734288
|
|
ASAN: Heap-buffer-overflow WRITE of size 1 at nsSVGFEDiffuseLightingElement::LightPixel
|
Core
|
SVG
|
dholbert
|
VERI
|
FIXE
|
2014-06-27
|
| 760996
|
|
Heap-use-after-free in nsTArray_base<nsTArrayDefaultAllocator>::Length()
|
Core
|
SVG
|
dholbert
|
VERI
|
FIXE
|
2016-12-01
|
| 786111
|
|
Heap-use-after-free in nsSMILAnimationController::DoSample
|
Core
|
SVG
|
dholbert
|
VERI
|
FIXE
|
2016-12-01
|
| 1000185
|
|
ASAN heap-use-after-free in RefreshDriverTimer::TickDriver
|
Core
|
SVG
|
dholbert
|
VERI
|
FIXE
|
2015-08-30
|
| 951354
|
|
ASan: Crash with heap-use-after-free when running xpcshell test getHSTSPreloadList.js
|
Core
|
Security: PSM
|
dkeeler
|
VERI
|
FIXE
|
2015-02-25
|
| 1224100
|
|
"Conditional jump or move depends on uninitialised value(s)" at imgFrame::Optimize
|
Core
|
Graphics: ImageLib
|
edwin.bugs
|
VERI
|
FIXE
|
2016-07-02
|
| 750146
|
|
Heap-use-after-free in RestoreSelectionState::Run
|
Core
|
DOM: Core & HTML
|
ehsan.akhgari
|
VERI
|
FIXE
|
2017-05-09
|
| 874952
|
|
Heap-buffer-overflow in nsTArray_Impl<mozilla::AudioChunk, nsTArrayInfallibleAllocator>::ElementAt
|
Core
|
Web Audio
|
ehsan.akhgari
|
VERI
|
FIXE
|
2014-07-24
|
| 750327
|
|
Opus crash invalid write [@quant_band]
|
Core
|
Audio/Video
|
giles
|
VERI
|
FIXE
|
2012-09-23
|
| 957452
|
|
MediaRecorder: use-after-free crash [@mozilla::dom::MediaRecorder::Session::GetEncodedData]
|
Core
|
Audio/Video: Recordi
|
globelinmoz
|
VERI
|
FIXE
|
2015-08-30
|
| 937582
|
|
nsPrefetchNode use-after-free
|
Core
|
Networking
|
honzab.moz
|
VERI
|
FIXE
|
2015-02-25
|
| 886266
|
|
Stack out-of-bounds read [@ js::ion::IonFrameIterator::prevType]
|
Core
|
JavaScript Engine
|
hv1989
|
VERI
|
FIXE
|
2014-05-05
|
| 765179
|
|
WebGL crash when empty string is passed to getUniformLocation, getAttribLocation or bindAttribLocation [@mozilla::WebGLProgram::MapIdentifier]
|
Core
|
Graphics: CanvasWebG
|
jacob.benoit.1
|
VERI
|
FIXE
|
2012-07-20
|
| 777028
|
|
stack scribbling with 4-byte values choosable among a few values, when using more than 16 sampler uniforms, on Mesa, with all drivers
|
Core
|
Graphics: CanvasWebG
|
jacob.benoit.1
|
VERI
|
FIXE
|
2019-12-27
|
| 785734
|
|
Mesa crashes on certain texImage2D calls involving level>0
|
Core
|
Graphics: CanvasWebG
|
jacob.benoit.1
|
VERI
|
FIXE
|
2014-07-24
|
| 752176
|
|
out-of-bounds read at nsFontVariantTextRunFactory::RebuildTextRun
|
Core
|
Layout: Text and Fon
|
jfkthame
|
VERI
|
FIXE
|
2012-09-23
|
| 752662
|
|
Graphite 2 use-after-free crash
|
Core
|
Graphics
|
jfkthame
|
VERI
|
FIXE
|
2016-12-01
|
| 753230
|
|
Graphite 2 crash [@graphite2::Silf::readClassMap]
|
Core
|
Graphics
|
jfkthame
|
VERI
|
FIXE
|
2012-10-25
|
| 753623
|
|
Graphite 2 crash [@graphite2::Pass::readPass]
|
Core
|
Graphics
|
jfkthame
|
VERI
|
FIXE
|
2012-10-25
|
| 769303
|
|
Heap-use-after-free in gfxTextRun::CanBreakLineBefore
|
Core
|
Layout: Text and Fon
|
jfkthame
|
VERI
|
FIXE
|
2016-12-01
|
| 758200
|
|
ASAN: Heap-buffer-overflow at image::RasterImage::DrawFrameTo
|
Core
|
Graphics: ImageLib
|
joe
|
VERI
|
FIXE
|
2014-07-02
|
| 789046
|
|
gif with wrong block length crashes asan
|
Core
|
Graphics: ImageLib
|
joe
|
VERI
|
FIXE
|
2016-08-15
|
| 748365
|
|
READ near NULL while parsing XPath in a XSLT style-sheet
|
Core
|
XSLT
|
john
|
VERI
|
FIXE
|
2012-10-25
|
| 779025
|
|
jit-test/tests/collections/Map-iterator-add-remove.js causes AddressSanitizer heap-use-after-free
|
Core
|
JavaScript Engine
|
jorendorff
|
VERI
|
FIXE
|
2020-02-28
|
| 759802
|
|
Null-pointer execution/null out of bounds write at libjpeg/jdmarker.c
|
Core
|
Graphics
|
justin.lebar+bug
|
VERI
|
FIXE
|
2014-07-02
|
| 782141
|
|
Heap-buffer-overflow in nsSVGFEMorphologyElement::Filter
|
Core
|
SVG
|
jwatt
|
VERI
|
FIXE
|
2016-12-01
|
| 738985
|
|
heap-use-after-free at mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace
|
Core
|
Storage: IndexedDB
|
khuey
|
VERI
|
FIXE
|
2017-05-09
|
| 835814
|
|
Heap-use-after-free in nsAsyncDOMEvent::Run
|
Core
|
DOM: Core & HTML
|
khuey
|
VERI
|
FIXE
|
2019-03-13
|
| 936327
|
|
Heap-use-after-free in mozilla::dom::workers::WorkerPrivate::RunExpiredTimeouts
|
Core
|
DOM: Workers
|
khuey
|
VERI
|
FIXE
|
2014-07-24
|
| 785967
|
|
Heap-buffer-overflow in nsWaveReader::DecodeAudioData
|
Core
|
Audio/Video
|
kinetik
|
VERI
|
FIXE
|
2016-12-01
|
| 812161
|
|
Out of bounds read in nsSVGPathElement::GetPathLengthScale
|
Core
|
SVG
|
longsonr
|
VERI
|
FIXE
|
2014-07-24
|
| 747688
|
|
Heap-use-after-free in nsFrameList::FirstChild
|
Core
|
Layout
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2016-12-01
|
| 750066
|
|
Out of bounds read in nsHTMLReflowState::CalculateHypotheticalBox, with nested multi-column, relative position, and absolute position
|
Core
|
Layout: Block and In
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2014-06-27
|
| 756241
|
|
Heap-use-after-free READ 8 in gfxTextRun::GetUserData
|
Core
|
Layout: Text and Fon
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2016-12-01
|
| 769120
|
|
Bad iterator in text runs
|
Core
|
Layout: Text and Fon
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2014-07-24
|
| 871099
|
|
Heap-use-after-free in nsIDocument::GetRootElement
|
Core
|
DOM: Core & HTML
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2019-03-13
|
| 969756
|
|
Heap-buffer-overflow in AppendValueToString
|
Core
|
CSS Parsing and Comp
|
MatsPalmgren_bugz
|
VERI
|
FIXE
|
2015-02-25
|
| 840480
|
|
use-after-poison in nsIFrame::Properties()
|
Core
|
Layout
|
matt.woodrow
|
VERI
|
FIXE
|
2014-07-18
|
| 914966
|
|
Heap-buffer-overflow in nsPNGEncoder::ConvertHostARGBRow
|
Core
|
Graphics: ImageLib
|
milaninbugzilla
|
VERI
|
FIXE
|
2015-02-25
|
| 888728
|
|
Out of bounds read-2 in BuildTextRunsScanner::ScanFrame
|
Core
|
Layout: Text and Fon
|
mrbkap
|
VERI
|
DUPL
|
2013-11-25
|
| 944579
|
|
heap-buffer-overflow in mozilla::gfx::FilterProcessing::ApplyMorphologyHorizontal_SSE2
|
Core
|
Graphics
|
mstange.moz
|
VERI
|
FIXE
|
2016-12-01
|
| 746577
|
|
ASAN: Opus crash [@nsNativeAudioStream::Write]
|
Core
|
Audio/Video
|
nobody
|
VERI
|
FIXE
|
2012-06-14
|
| 760664
|
|
Opus crash illegal instruction [@ec_dec_normalize]
|
Core
|
Audio/Video
|
nobody
|
VERI
|
FIXE
|
2016-06-04
|
| 760754
|
|
Opus crash illegal instruction [@bits2pulses]
|
Core
|
Audio/Video
|
nobody
|
VERI
|
FIXE
|
2016-06-04
|
| 760814
|
|
Opus crash illegal instruction [@ncwrs_urow]
|
Core
|
Audio/Video
|
nobody
|
VERI
|
FIXE
|
2016-06-04
|
| 760846
|
|
Opus crash illegal instruction [@ec_decode]
|
Core
|
Audio/Video
|
nobody
|
VERI
|
FIXE
|
2016-06-04
|
| 795165
|
|
Assertion failure: (ptrBits & 0x7) == 0, at ../../jsval.h:708 or Crash [@ js::ParallelArrayObject::toStringBufferImpl]
|
Core
|
JavaScript Engine
|
shu
|
VERI
|
FIXE
|
2013-01-10
|
| 750109
|
|
Use-after-free in nsINode::ReplaceOrInsertBefore
|
Core
|
DOM: Core & HTML
|
smaug
|
VERI
|
FIXE
|
2019-03-13
|
| 765139
|
|
Heap-use-after-free in nsDocument::AdoptNode
|
Core
|
DOM: Core & HTML
|
smaug
|
VERI
|
FIXE
|
2019-03-13
|
| 787493
|
|
Crash with ASSERTION: insPos too small
|
Core
|
DOM: Core & HTML
|
smaug
|
VERI
|
FIXE
|
2014-07-24
|
| 987140
|
|
ASAN heap-use-after-free in nsGenericHTMLElement::GetWidthHeightForImage
|
Core
|
DOM: Core & HTML
|
smaug
|
VERI
|
FIXE
|
2015-08-30
|
| 819623
|
|
Heap-use-after-free in mozilla::WalkDescendantsSetDirectionFromText
|
Core
|
Layout: Text and Fon
|
smontagu
|
VERI
|
FIXE
|
2014-07-24
|
| 824719
|
|
Heap-use-after-free in nsINode::GetBoolFlag
|
Core
|
Layout: Text and Fon
|
smontagu
|
VERI
|
FIXE
|
2013-11-25
|
| 989994
|
|
out of bounds read in PropertyProvider::FindJustificationRange
|
Core
|
Layout: Text and Fon
|
smontagu
|
VERI
|
FIXE
|
2018-07-02
|
| 750231
|
|
Opus crash illegal instruction [@quant_band]
|
Core
|
Audio/Video
|
tterribe
|
VERI
|
FIXE
|
2012-06-21
|
| 746855
|
|
[ASan] READ heap-buffer-overflow in format-number()
|
Core
|
XSLT
|
william
|
VERI
|
FIXE
|
2012-10-10
|
| 888820
|
|
Heap-buffer-overflow READ in nsHtml5TreeBuilder::resetTheInsertionMode()
|
Core
|
DOM: HTML Parser
|
william
|
VERI
|
FIXE
|
2014-11-19
|