| project | issue | bugzilla form? | fix(es) | inducer(s) | memory safety | valid | count | notes |
|---|---|---|---|---|---|---|---|---|
| css | 827591 | | da1c0a3d9e951b3a5f4cfa9f763304014958524d | 6adcd0523ceceff6b609201bcfa44cac3ef920fb | 1 | | 1 | |
| css | 955913 | | f46f8c14366bbcf507bd3656fe1c9fe73249dfeb | a8cf86e4b78c83844db3af3982a3df662c0327c0 | 1 | | 1 | |
| css | 1025267 | | 7b5cb65169005f6967ac39b64b58534e2ece6ba7 | 4db79cc0f9d8e38b30c8d00238baf53da67b0e36 | 0 | no | | VCC predates security bug tracking |
| css | 1041512 | yes | 9e08b4d2488e4b86959c18645643f830a0e0ad60 | 8174f98f222d09734a870a7797e7a434afac9372 | 1 | no | | VCC was introduced in a file that was not deleted as part of oxidation, and was later moved to a file that was |
| css | 1077687 | yes | 1aceb17cf63a9b317abb3310d5d276471e4bb392 | c011970f03885bda3ab81cf5af35201b56b3f406 | 1 | | 1 | |
| css | 1092363 | yes | 301463dc2087ffeb3a76d9c34f906b5945acf4b6 | 99097814d60268b4e707abb46b501cb3d1a501ed | 1 | | 1 | |
| css | 1127198 | yes | 635933d3f87fa2b076eace741e4df207c41f6043 | a60c564803f80b1f456ad6cd7014723a5a3914d7 | 1 | | 1 | |
| css | 1146101 | yes | 5ed02337c87c3d07c7f4b8dc6c20b23560deb8f5 | 99097814d60268b4e707abb46b501cb3d1a501ed | 1 | | 1 | |
| css | 1181011 | | 3585bedd89bc8a96ce921b76990d3e5a4ed313be | 225f3dd70d8a89a1d87ea8a631e6c859fb17457b | 1 | | 1 | |
| css | 1230639 | yes | 8eff629f46edf8095e4abe17d0e4ae6458fb4c5e | 82ee685e15e57711c652bb1682a71330741707b3 | 1 | | 1 | |
| css | 1353312 | yes | db8e759c6654a09aa851384768d580fb632b7274 | a1dea9b4fc8568e83db4fc71132be54ea227e272 | 1 | | 1 | |
| cubeb-macos | 1614971 | | 210f8ccbc5968c5765699020746bf42fecff8548 | b2ea3d02939d7951a9c1bb788f1c5763b9cdbdfb | 1 | | 1 | fix is from version import even though macos portion of C++ was already unused by then (see Rust analysis) |
| japanese-encoding | 780979 | | c987a78b883b2fc328b5113e7bde64ec95473f2 | 4322faf5044b966380fab44fad57801264b72345 | 1 | no | | VCC predates security bug tracking |
| japanese-encoding | 801330 | | a1592dc47c8e72c30103ad21d72f45a79c628e5d | 4322faf5044b966380fab44fad57801264b72345 | 1 | no | | VCC predates security bug tracking |
| hyphenation | 1390550 | | bd606d11904d4c62fe4cac0a80da0df9e8f4a2d1 | 62ced97631409332ffe5a5b9b32794316f141a9b | 1 | | 1 | upstream commit is 5a60cb75a9dd9034331df216c2d3f59e1a08fc9a |
| hyphenation | 1448771 | | 9ff23d9c3af0e58b2b16fca7b3c04642ebee9f2a | 62ced97631409332ffe5a5b9b32794316f141a9b | 1 | | 1 | upstream commit is 5a60cb75a9dd9034331df216c2d3f59e1a08fc9a |
| layers | 793065 | | ed5ba29431970bbbc6ee0184f4a03f145769c598 | 368f4de891c58dae46a25de9c8e789a20c868fcc | 1 | no | | VCC predates security bug tracking |
| layers | 963974 | | fc6b63874da4a24440d6fad4f8c6314545255e83 | 6c5bb2cc06966fa16bc180c45f4f07169ccb2011 | 1 | | 1 | |
| layers | 1072877 | yes (incorrect for our purposes) | e381d1456da7626ee710e73a081964ec7a47fddd | d301df5d459b7ccec7c5fd99149b3645aa667a2a | 1 | | 1 | |
| layers | 1074280 | yes | 391dd9ad59b71afa76919f80b8f8a019318e2e45 | b951f3597d034341473c2b17df3e7dea68d2c5b9 | 1 | no | | VCC predates security bug tracking |
| layers | 1082986 | yes | 11b001307a623cd4222e65a387b8aa9055546cfa | 41fa2ab6fd1e8df907fff0905078c11efa81e4b1 | 1 | | 1 | |
| layers | 1107009 | | 421e78dd674dccca2009fde198722dd9459816f7 | 2949a9f18bd68bf06170da90821b61b5ad5bf5f5 | 1 | | 1 | VCC is a best guess (it added the code that should only be called from the main thread and that was causing the bug but it is unclear if the other threads started using it immediately or in some later commit). In any case the commit could have prevented or detected the bug via assertions. |
| layers | 1122722 | yes | bad8bf235d06b3592a6b858afcb1ddea67ee5932 | 8baed26d9b7b9f02fa63ec3c0397b8da4ed99141 | 0 | | 1 | |
| layers | 1167356 | | 101316199629532508a83c130893c1e88c8a9c40 | b605651fddd381523feaa11bef0026d3da6d3b96,fdb4be9e33f50503d3a75ea815f99528da32a5bf | 1 | yes,no | 1 | actually fixes a good-sized list of vulnerabilities all of the same form (forgetting to check the return value of a Map method before using memory it was responsible for allocating). Two VCCs are for the files removed by Oxidation. |
| layers | 1191463 | | 991ab71c3494c5d2b22700ede3e96212f74487b5 | 6624d1aefe3368807d498df3759c2a2a0b1d2588 | 1 | | 1 | |
| layers | 1283826 | yes | 85a734ff8d13149a6b1468e6162d0a4075d02bec | 733dca91239848758542adf4489bb06172efe7f4 | 1 | | 1 | |
| layers | 1307458 | yes | 2df50d5706d74b5601b2ec6a234bfdd074ad2e39 | 5b3ab326b6956c181338a1b39c3e6f9a17d24d13 | 1 | | 1 | |
| layers | 1363280 | yes | 9825a21a174d8cf9aba12d911c209bee8e57ece8 | afdf8e01dd69dc75c88acebafd773508f97f91e4 | 1 | | 1 | |
| layers | 1369560 | yes | 9df1db2e879a1b8d8496bd03dea15a064274beb8 | 95a17ea52c6c4d614adf2aebf4dc4d873b52c897 | 0 | | 1 | |
| layers | 1382829 | | 33346c4c1b93009ae9c2a7f6e2620041fd14ec65 | 6376e2c6bb8b771dd6513156d84ac13b0f15c7f0 | 1 | | 1 | |
| layers | 1387659 | yes | 9ec076488969b9083ed934904aac753a99691b71 | 504484a45696d5d089e3781af3e4595295be9eda | 1 | | 1 | |
| layers | 1388020 | yes | 679c14a9c452896516541efaf20bcacbfee07ea9 | 8592c4c12d6d5a87c5e14e0268ca5e78af2291e0 | 1 | | 1 | |
| layers | 1395138 | | 7417b9b0d4140286cbf485b6ac010f7db95b940f | 4f8f5212b2407a12a4611eb1711ce5d57799faa4 | 1 | | 1 | Mozilla never identified cause but this seems like the most likely origin even if something else ultimately exposed it |
| layers | 1452375 | yes | fc530ca3167058f975212a75c0524f50d0321f24 | a5fc6a819fb89b6b587fc92d82f592eef3dc5bd5 | 1 | | 1 | |
| layers | 1496413 | yes | d511b3b696392984359ae7957a8ed1ac1388eef9 | 7e8f4657993e913c8ed6707db170142d51e2b289 | 1 | | 1 | |
| layers | 1538736 | | 546c396de9a999d1994fb861fb08dee2e47bb0e0 | 1a997e96bc34f00d04e7f42fdb8dd7d9f80bd471 | 1 | | 1 | Actual cause never established but this introduced the code that could have prevented it |
| layers | 1613009 | | 4795d60bd927118475ecae0a5db8c6002c4f3317 | 8f2c88cbf670912edcd70596f387e941cdc434c1 | 1 | | 1 | |
| qcms | 761014 | | 5885617fc0ee6e15cb15192c77febd69e27e3cb8 | e6e07e47b00c0c7765c0c5a1f4b6e1001a55d70f | 1 | no | | Fixed via 764181 to avoid attention on vuln, VCC predates security bug tracking |
| qcms | 839621 | | 8dbfb840d9a2410455b61688d5c5067a8ece17e4 | d60517eb9d826a54b80d6d7d25022bae0585e24e | 1 | no | | |
| qcms | 969226 | | 8fcbd56508d6fd1c37add850d4f5728a7ec73a5a | 52c97edf1ed8b51f5cac4b2e7d824cd7e5f29c0a | 1 | no | | Not actually exploitable |
| qcms | 1132467 | | 509337a1a0b16cbc5c364ed6b5b2b596b0d1c728 | 52c97edf1ed8b51f5cac4b2e7d824cd7e5f29c0a | 1 | no | | |
| qcms | 1132468 | | 27b42e9142414650884354d0087070c6220d8718 | e6e07e47b00c0c7765c0c5a1f4b6e1001a55d70f,52c97edf1ed8b51f5cac4b2e7d824cd7e5f29c0a | 1 | no,no | | multiple vulns over two commits |
| qcms | 1166252 | | 58bb8fc72f9e3021efd9874d39dcf63d27a1afb1 | 52c97edf1ed8b51f5cac4b2e7d824cd7e5f29c0a | 1 | no | | |
| qcms | 1464039 | | fdf1d9bbb2518dc4f17d79d0d10b48b33ab3376d | e6e07e47b00c0c7765c0c5a1f4b6e1001a55d70f | 1 | no | | This could arguably be blamed on 58bb8fc72f9e3021efd9874d39dcf63d27a1afb1 since it attempted to address this problem and failed to do so completely. The fix commit should also be 7b8229b86bb69152d6720a8df02cc614691eb89c which was added because the initial fix turned valid execution paths into crashes. |
| stagefright | 1048517 | | 6a71a89b014d84d884ec79176318588797412bb9 | 7aa64494dfef6c6b9967f500885e30a03b74c48a | 1 | | 1 | |
| stagefright | 1144107 | yes | 03d7a25152938863695b54f317cc8fb7bc34ca09 | 7aa64494dfef6c6b9967f500885e30a03b74c48a | 0 | | 1 | Actually 3 potential vulns in one part of the code |
| stagefright | 1144107 | yes | 76090b241e15eca718438c73930229594ad6830f | f156664cf8f5e355339f39d6e1e64fdb9cae4e91 | 0 | | 1 | |
| stagefright | 1144107 | yes | 95bf127594a4b581fa3d3cd510c06b4b76da85f0 | ba9a83adedce80e906f183c317455ba242487417 | 0 | | 1 | |
| stagefright | 1149605 | yes | d51ead79d52511af0e2bb1cb164e5785e6ee5302 | 7aa64494dfef6c6b9967f500885e30a03b74c48a | 1 | | 1 | |
| stagefright | 1154672 | | 0e46a78213c30262d81ddef4777460d1ebf1b317 | 7aa64494dfef6c6b9967f500885e30a03b74c48a | 1 | | 1 | |
| stagefright | 1154683 | yes | 0e46a78213c30262d81ddef4777460d1ebf1b317 | 7aa64494dfef6c6b9967f500885e30a03b74c48a | 1 | | 1 | |
| stagefright | 1158568 | yes (incorrect for our purposes) | aa8f8fc0d2151d8fc7bf49573fbb583e655d16d6 | 7aa64494dfef6c6b9967f500885e30a03b74c48a | 1 | | 1 | |
| stagefright | 1184871 | | 89e5d96fae85abb21170de8456a887650ebce673 | 7aa64494dfef6c6b9967f500885e30a03b74c48a | 1 | | 1 | |
| stagefright | 1185115 | yes | fdad9271bf2eab01ef92e344307d0e7583c236c4 | 469e420982a31ef9d9d33acbf80871ca5dab5692,7aa64494dfef6c6b9967f500885e30a03b74c48a | 1 | | 2 | many vulns but we’ll count as two |
| stagefright | 1186715 | | 03b4683f2cbf360e9f6071ba49a71a8df5f712b2 | 7aa64494dfef6c6b9967f500885e30a03b74c48a | 1 | | 1 | actual cause never established (just a guess) |
| stagefright | 1186718 | yes | 89e5d96fae85abb21170de8456a887650ebce673 | 7aa64494dfef6c6b9967f500885e30a03b74c48a | 1 | | 1 | |
| stagefright | 1204580 | | 1fe648369985406d4fc84ae864cc08796d4c2a4f | d66cd54dfd76e11e6be7fd610a02be30345af212 | 0 | | 1 | |
| stagefright | 1216748 | | 11139b4935301dfa24e779b1ae4bd000409957aa | 7aa64494dfef6c6b9967f500885e30a03b74c48a | 1 | | 1 | |
| stagefright | 1227052 | | ed2eee2066b0cf9f9ef980ca05e41dd61493965f | 7aa64494dfef6c6b9967f500885e30a03b74c48a | 1 | | 1 | not exploitable in ff but abstractly a security bug |
| stagefright | 1254721 | yes | c2467e583e0d638d1ede5fe88f1a2bfd73f303ee | a0d1bf988dc1fc47631c884edd810f5d8ad2c5b8 | 1 | | 1 | |
| uconv | 415491 | | decd558ea256f528f4d3a07d32f10d024c4307a6 | 44c2409acd437d71e60896c61289a7960db69a39 | | no | | VCC predates security bug tracking |
| uconv | 814254 | | 51efa01fca4e1c8cd7a6a603950b2e84f24af8a2 | c912fce892fd377511d8d77c8fbca6e3a331da17 | | no | | VCC predates security bug tracking |
| uconv | 1170794 | | 45578e03fa30c4d604c6e78786d02ee32f5e7873 | 99011ec3ca19e2e3b16e08bb9e6fa572e597a2b6,f6972dcca3d6551ec2e4892cf86bf33db19dce09,9997d13b08d84383be2f58b91c3492660ce2e304,5b4bb14a66a24e433c5a5695ce27710cbb1070c9 | | no | | multiple vulns of same form (int overflow) fixed in one patch, VCC predates security bug tracking |
| uconv | 1255863 | | 9696b4bdf60c24bd552387e123fd0ac8965f1461 | d58e92eb5da3013cdcb77b441312ed3b8e60274f | | no | | VCC predates security bug tracking |
| uconv | 1336836 | | 26a8c610e53b2f116de8205c701c2a2a90788857 | 5e143ef9ca98972e12e5a07cd755c0a8b0a15581 | 1 | | 1 | |