1669945 - Sanitizer bypass if the sanitized markup is assigned to srcdoc
I've found a bug in Firefox sanitizer that can be exploited if the result of sanitizeToString is used in a sink that doesn't parse the HTML using fragment parsing algorithm (examples being: iframe.srcdoc, data:text/html,markup etc.) Proof of concept Here's the proof-of-concept: <iframe id=ifr></iframe> <script> const bypass = `<svg><font color><title><u rel="</title><img src onerror=alert(document
1567114 - MITM on all HTTPS traffic in Kazakhstan
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Steps to reproduce: Since today all Internet providers in Kazakhstan started MITM on all encrypted HTTPS traffic. They asked end-users to install government-issued certificate authority on all devices in every browser: http://qca.kz/ Actual results: MITM attack: https://i.imgur.com/rFEjXKw.jpg Message from Int
1215061 - [META] Better keyboard shortcut support
Another Vimperator-like extension is VimFx[1]. (I'm the main developer of VimFx.) The idea of VimFx is to provide the vanilla Firefox experience, with a bunch of Vim-like keyboard shortcuts on top. The biggest problems with chrome.commands for both extensions are: 1. chrome.commands only support keyboard shortcuts with modifiers (ctrl, alt, ctrl+alt), while Vimperator’s and VimFx’s shortcuts are m
![1215061 - [META] Better keyboard shortcut support](https://cdn-ak-scissors.b.st-hatena.com/image/square/94e68033a33a368f97324bf314b4b8b9099309f2/height=288;version=1;width=512/https%3A%2F%2Fbugzilla.mozilla.org%2Fextensions%2FOpenGraph%2Fweb%2Fmoz-social-bw-rgb-1200x1200.png)
1338004 - [meta] Headless browsing mode
For bugs in Firefox Desktop, the Mozilla Foundation's web browser. For Firefox user interface issues in menus, bookmarks, location bar, and preferences. Many Firefox bugs will either be filed here or in the Core product. Bugs for developer tools (F12) should be filed in the DevTools product. (more info)
1340934 - (flash-async-drawing) Re-enable Flash async drawing
Bugs in core Mozilla code that supports registering and using plug-ins. For bugs in specific plugins, please file those bugs under External Software Affecting Firefox.
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
1750143 - Implement navigator.userAgentData
1342741 - (Menlo) Use Menlo as the default monospace font on macOS
1679929 - Cap the User-Agent string's reported macOS version at 10.15
1492002 - Permission denied, With Web Components in Firefox Extension Content Scripts
1512386 - Case-sensitive attribute selectors (from Selectors level 4)
1492036 - Considering implementing the Reporting API
1434137 - Implement websockets over http/2
1472540 - (FastBlock) [meta] FastBlock MVP
1460069 - enable Shadow DOM in Nightly
1428002 - Enable <script type="module"> in nightly builds
568953 - (harmony:modules) [meta] ES6 modules
792108 - Use a class flag to allow objects of that class to act like |undefined| in the == and ToBoolean contexts, and remove JSRESOLVE_DETECTING
1222633 - Add support for <link rel=preload>
1342060 - wasm: enable by default
471020 - Add X-Content-Type-Options: nosniff support to Firefox