Issues - project-zero - Project Zero

ListGrid

1 - 56 of 56

ID ▼	Type ▼	Status ▼	Priority ▼	Milestone ▼	Owner ▼	Summary + Labels ▼
445	----	WontFix	----	----	cevans@google.com	Placeholder: PoC for high-entropy ASLR bypass via MemoryProtector CCProjectZeroMembers
994	----	Fixed	----	----	ifratric@google.com	Google Chrome: Type confusion in HTMLKeygenElement::shadowSelect() CCProjectZeroMembers
999	----	Fixed	----	----	ifratric@google.com	Apple WebKit: Type confusion in HTMLKeygenElement CCProjectZeroMembers
1011	----	Fixed	----	----	ifratric@google.com	Microsoft Edge and IE: Type confusion in HandleColumnBreakOnColumnSpanningElement CCProjectZeroMembers
1024	----	Fixed	----	----	ifratric@google.com	Google Chrome: out-of-bound read in layout CCProjectZeroMembers
1038	----	Fixed	----	----	ifratric@google.com	Apple WebKit: Type confusion in RenderBox with accessibility enabled CCProjectZeroMembers
1044	----	Fixed	----	----	ifratric@google.com	Apple WebKit: HTMLFormElement::reset() use-after free. CCProjectZeroMembers
1076	----	Fixed	----	----	ifratric@google.com	Microsoft IE: textarea.defaultValue memory disclosure CCProjectZeroMembers
1080	----	Fixed	----	----	ifratric@google.com	WebKit: HTMLInputElement use-after-free CCProjectZeroMembers
1082	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in RenderLayer CCProjectZeroMembers
1087	----	Fixed	----	----	ifratric@google.com	WebKit: Negative-size memmove in HTMLFormElement CCProjectZeroMembers
1090	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in FormSubmission::create CCProjectZeroMembers
1097	----	Fixed	----	----	ifratric@google.com	WebKit: ComposedTreeIterator::traverseNextInShadowTree use-after-free CCProjectZeroMembers
1105	----	Fixed	----	----	ifratric@google.com	WebKit: table use-after-free CCProjectZeroMembers
1106	----	Duplicate	----	----	ifratric@google.com	WebKit: RenderMultiColumnFlowThread use-after-free CCProjectZeroMembers
1113	----	Duplicate	----	----	ifratric@google.com	WebKit: RenderStyle::NonInheritedFlags::getValue use-after-free CCProjectZeroMembers
1114	----	Fixed	----	----	ifratric@google.com	WebKit: WebCore::toJS use-after-free CCProjectZeroMembers
1118	----	Fixed	----	----	ifratric@google.com	Microsoft IE: Memory corruption in CStyleSheetArray::BuildListOfMatchedRules CCProjectZeroMembers
1130	----	Fixed	----	----	ifratric@google.com	Mozilla Firefox: table use-after-free CCProjectZeroMembers
1135	----	Invalid	----	----	ifratric@google.com	Mozilla Firefox: use-after-poison in nsStylePadding::GetPadding CCProjectZeroMembers
1155	----	Fixed	----	----	ifratric@google.com	Skia Graphics Library: heap overflow due to rounding error in SkEdge::setLine CCProjectZeroMembers
1160	----	Fixed	----	----	ifratric@google.com	Mozilla Firefox: out-of-bounds read in gfxTextRun CCProjectZeroMembers
1185	----	Fixed	----	----	ifratric@google.com	Mozilla Firefox: Memory disclosure in ConvolvePixel CCProjectZeroMembers
1233	----	Fixed	----	----	ifratric@google.com	Microsoft IE: Memory curruption in CMarkup::DestroySplayTree CCProjectZeroMembers
1237	----	Fixed	----	----	ifratric@google.com	Microsoft IE: Type confusion in VBScript arithmetic functions CCProjectZeroMembers
1241	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::Node::nextSibling CCProjectZeroMembers
1242	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::getCachedWrapper CCProjectZeroMembers
1243	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::Node::getFlag CCProjectZeroMembers
1244	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::InputType::element CCProjectZeroMembers
1245	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::AccessibilityRenderObject::handleAriaExpandedChanged CCProjectZeroMembers
1246	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::RenderObject with accessibility enabled CCProjectZeroMembers
1249	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::AccessibilityNodeObject::textUnderElement CCProjectZeroMembers
1250	----	Fixed	----	----	ifratric@google.com	WebKit: heap-buffer-overflow in WebCore::RenderSearchField::addSearchResult CCProjectZeroMembers
1254	----	Fixed	----	----	ifratric@google.com	Microsoft Edge: Type confusion in CssParser::RecordProperty CCProjectZeroMembers
1255	----	Fixed	----	----	ifratric@google.com	Microsoft Edge: textarea.defaultValue memory disclosure CCProjectZeroMembers
1264	----	Fixed	----	----	ifratric@google.com	Microsoft Edge: Out-of-bounds read in CInputDateTimeScrollerElement::_SelectValueInternal CCProjectZeroMembers
1284	----	Fixed	----	----	ifratric@google.com	Microsoft Chakra JIT server integer overflow in IRBuilder::Build CCProjectZeroMembers
1287	----	Fixed	----	----	ifratric@google.com	Microsoft Chakra JIT server out-of-bounds write when processing Js::OpCode::ProfiledLoopStart opcode CCProjectZeroMembers
1299	----	Fixed	----	----	ifratric@google.com	Microsoft Edge: ACG bypass using DuplicateHandle CCProjectZeroMembers
1301	----	Fixed	----	----	ifratric@google.com	Microsoft Edge: out-of-bounds read in COptionsCollectionCacheItem::GetAt CCProjectZeroMembers
1309	----	Fixed	----	----	ifratric@google.com	Microsoft Edge: Memory corruption with partial page loading CCProjectZeroMembers
1340	----	Fixed	----	----	ifratric@google.com	Microsoft IE11: use-after-free in jscript!JsErrorToString CCProjectZeroMembers
1344	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::TreeScope::documentScope CCProjectZeroMembers
1345	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::InputType::element CCProjectZeroMembers
1346	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::PositionIterator::decrement CCProjectZeroMembers
1347	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::AXObjectCache::performDeferredCacheUpdate CCProjectZeroMembers
1348	----	Fixed	----	----	ifratric@google.com	WebKit: out-of-bounds read in WebCore::RenderText::localCaretRect CCProjectZeroMembers
1349	----	Fixed	----	----	ifratric@google.com	WebKit: out-of-bounds read in WebCore::SimpleLineLayout::RunResolver::runForPoint CCProjectZeroMembers
1350	----	Fixed	----	----	ifratric@google.com	WebKit: out-of-bounds read in WebCore::SVGPatternElement::collectPatternAttributes CCProjectZeroMembers
1351	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::Style::TreeResolver::styleForElement CCProjectZeroMembers
1353	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::DocumentLoader::frameLoader CCProjectZeroMembers
1354	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::RenderObject::previousSibling CCProjectZeroMembers
1355	----	Fixed	----	----	ifratric@google.com	WebKit: use-after-free in WebCore::FormSubmission::create CCProjectZeroMembers
1360	----	WontFix	----	----	ifratric@google.com	Chakra: CFG bypass with leafInterpreterFrame CCProjectZeroMembers
1363	----	Fixed	----	----	ifratric@google.com	Chakra: CFG bypass due to a bug in ServerFreeAllocation CCProjectZeroMembers
1424	----	WontFix	----	----	ifratric@google.com	Chakra: CFG bypass by overwriting JavaScript bytecode CCProjectZeroMembers

1 - 56 of 56

Show columns:
♦ ID
♦ Type
♦ Status
♦ Priority
♦ Milestone
♦ Owner
♦ Summary
AllLabels
Attachments
Blocked
BlockedOn
Blocking
CVE
Cc
Closed
Component
ComponentModified
Deadline
Finder
MSRC
MergedInto
Methodology
Modified
OpSys
Opened
OwnerLastVisit
OwnerModified
Product
Project
Reported
Reporter
Severity
Stars
StatusModified
Vendor
Edit column spec...