| 1890954
|
|
Applocker is preventing instances of firefox even when whitelisted
|
Core
|
Security: Process Sa
|
bobowencode
|
UNCO
|
---
|
09:58:15
|
| 1657849
|
|
media plugin seccomp sandbox should allow __NR_sched_setscheduler
|
Core
|
Security: Process Sa
|
jld
|
UNCO
|
---
|
2024-03-11
|
| 1783163
|
|
Sandbox: attempt to open unexpected file /sys/devices/system/cpu/cpu0/cache/index2/size
|
Core
|
Security: Process Sa
|
jld
|
UNCO
|
---
|
2024-04-06
|
| 1889045
|
|
Update security/sandbox/* components to handle new syscalls
|
Core
|
Security: Process Sa
|
jld
|
UNCO
|
---
|
Mon 09:28
|
| 1673188
|
|
GTK theme parser in content processes violates seccomp sandbox
|
Core
|
Security: Process Sa
|
nobody
|
UNCO
|
---
|
2021-01-14
|
| 1434928
|
|
Getting Binary Symbols in Navbar, Bookmarks, and Menu Text
|
Core
|
Security: Process Sa
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1505868
|
|
userContent.css not applied to webpages when chrome folder is a symlink
|
Core
|
Security: Process Sa
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1749249
|
|
Diagnostics in child processes don't present (Windows)
|
Core
|
Security: Process Sa
|
nobody
|
UNCO
|
---
|
2023-07-19
|
| 1756236
|
|
Figure out how to chroot/use namespace isolation in flatpak
|
Core
|
Security: Process Sa
|
nobody
|
UNCO
|
---
|
2024-03-07
|
| 1782336
|
|
Use AppContainer (Low Box token) to remove network access in the sandbox
|
Core
|
Security: Process Sa
|
nobody
|
UNCO
|
---
|
2022-08-08
|
| 1797438
|
|
Firefox hang with seccomp enabled on OpenShift
|
Core
|
Security: Process Sa
|
nobody
|
UNCO
|
---
|
2022-11-03
|
| 1803754
|
|
Kubuntu 14.04 with self-built libraries: Log/console spam "failed to open /dev/dri/renderD1xx: Permission denied"
|
Core
|
Security: Process Sa
|
nobody
|
UNCO
|
---
|
2024-02-27
|
| 1808408
|
|
Add Guix driver paths for RDD Sandbox
|
Core
|
Security: Process Sa
|
nobody
|
UNCO
|
---
|
2023-01-12
|
| 1852930
|
|
Runaway process "plugin-container.app" is usurping system resources
|
Core
|
Security: Process Sa
|
nobody
|
UNCO
|
---
|
2023-12-04
|
| 1875622
|
|
Increase the number of content processes
|
GeckoView
|
Sandboxing
|
nobody
|
UNCO
|
---
|
2024-02-12
|
| 1601731
|
|
ctrl-c in a GDB session causes chroot server of sandbox of Linux dead.
|
Core
|
Security: Process Sa
|
nobody
|
UNCO
|
---
|
2022-10-11
|
| 1661214
|
|
Some html pages can't be rendered properly after recent update
|
Core
|
Security: Process Sa
|
nobody
|
UNCO
|
---
|
2020-09-23
|
| 1504554
|
|
[Mac] Remove access to launchservicesd from the content sandbox
|
Core
|
Security: Process Sa
|
haftandilian
|
NEW
|
---
|
2022-10-11
|
| 1749841
|
|
The sandbox rule for thread clocks should be limited to negative numbers
|
Core
|
Security: Process Sa
|
jld
|
NEW
|
---
|
2022-02-09
|
| 1884334
|
|
[gv-junit-nofis-ship] Timeouts in junit tests that use session history in parent
|
GeckoView
|
Sandboxing
|
kkaya
|
NEW
|
---
|
2024-03-08
|
| 1643174
|
|
Remove "whitelist" from sandboxing preferences
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2020-06-05
|
| 1772857
|
|
Add telemetry for win32k lockdown being enabled in policy but not in process.
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-06-16
|
| 1678232
|
|
Intermittent runner.py | application crashed [@ 0xffff9f011198bc90] | [@ NS_DebugBreak]
|
Core
|
Security: Process Sa
|
bobowencode
|
NEW
|
---
|
2023-03-09
|
| 1699637
|
|
Windows sandbox log stacktraces don't have useful symbols
|
Core
|
Security: Process Sa
|
bobowencode
|
NEW
|
---
|
2021-03-25
|
| 1790957
|
|
Crash in [@ gfxWindowsPlatform::EnsureDevicesInitialized]
|
Core
|
Security: Process Sa
|
bobowencode
|
NEW
|
---
|
2022-09-15
|
| 1884469
|
|
Crash in [@ __delayLoadHelper2 | <unknown in firefox.pdb>]
|
Core
|
Security: Process Sa
|
bobowencode
|
NEW
|
---
|
2024-03-18
|
| 1506198
|
|
Re-investigate per-content process tempdirs
|
Core
|
Security: Process Sa
|
gpascutto
|
NEW
|
---
|
2022-10-11
|
| 1446549
|
|
nsIMIMEService implementations are not compatible with content sandboxing
|
Core
|
Security: Process Sa
|
haftandilian
|
NEW
|
---
|
2022-10-11
|
| 1854722
|
|
Use a new executable for the macOS Utility process
|
Core
|
Security: Process Sa
|
haftandilian
|
NEW
|
---
|
2023-10-02
|
| 1887689
|
|
Re-enable the PoisonIOInterposer on Mac Nightly
|
Core
|
Security: Process Sa
|
haftandilian
|
NEW
|
---
|
2024-03-25
|
| 1433288
|
|
Coverity is concerned about what we're doing between chroot() and chdir("/")
|
Core
|
Security: Process Sa
|
jld
|
NEW
|
---
|
2022-10-10
|
| 1461541
|
|
Remove unnecessary X11 includes from SandboxHooks.cpp
|
Core
|
Security: Process Sa
|
jld
|
NEW
|
---
|
2022-10-11
|
| 1474787
|
|
Remove Linux sandboxing workarounds for the MIME service once it's remoted
|
Core
|
Security: Process Sa
|
jld
|
NEW
|
---
|
2022-10-11
|
| 1481689
|
|
Heap-allocate path buffers in SandboxBroker
|
Core
|
Security: Process Sa
|
jld
|
NEW
|
---
|
2022-10-11
|
| 1677190
|
|
(SHIP) Enable Session Restore and Session History In Parent in GeckoView
|
GeckoView
|
Sandboxing
|
kkaya
|
NEW
|
---
|
08:54:05
|
| 1776284
|
|
Fission session restore page zoom level, scroll position, and form data
|
GeckoView
|
Sandboxing
|
kkaya
|
NEW
|
---
|
2023-09-07
|
| 1806129
|
|
GeckoViewExample is broken in isolated process - instanceName parameter includes unacceptable characters
|
GeckoView
|
Sandboxing
|
kkaya
|
NEW
|
---
|
2024-03-15
|
| 1837551
|
|
[gv-junit-fis] Timeouts in junit tests that use session history
|
GeckoView
|
Sandboxing
|
kkaya
|
NEW
|
---
|
2024-03-08
|
| 1855525
|
|
Failures in dom/tests/mochitest/sessionstorage/test_sessionStorageClone_alwaysPartitioned.html in M-xorig
|
GeckoView
|
Sandboxing
|
kkaya
|
NEW
|
---
|
2023-11-17
|
| 1722272
|
|
Maybe implement GetSpecialSystemDirectory(Unix_XDG_ConfigHome)
|
Core
|
Security: Process Sa
|
lissyx+mozillians
|
NEW
|
---
|
2022-07-25
|
| 1749295
|
|
Switch all processes to set the mSandbox kind
|
Core
|
Security: Process Sa
|
lissyx+mozillians
|
NEW
|
---
|
2022-07-25
|
| 1771196
|
|
Move AAC to Utility Process and avoid extra layers of IPC for Android
|
Core
|
Security: Process Sa
|
lissyx+mozillians
|
NEW
|
---
|
2023-07-21
|
| 1771702
|
|
Provide MOZ_LOG for Utility Process
|
Core
|
Security: Process Sa
|
lissyx+mozillians
|
NEW
|
---
|
2023-04-20
|
| 1839574
|
|
utility processes crash reporting duplicated actor names
|
Core
|
Security: Process Sa
|
lissyx+mozillians
|
NEW
|
---
|
2023-07-21
|
| 1884378
|
|
Record sandbox violations in the profiler for debugging
|
Core
|
Security: Process Sa
|
lissyx+mozillians
|
NEW
|
---
|
06:21:04
|
| 1673953
|
|
[gv-junit-fis] Run GeckoSessionTestRuleTest on Fission
|
GeckoView
|
Sandboxing
|
m_kato
|
NEW
|
---
|
Tue 00:21
|
| 1738752
|
|
Write tests for getAllLoginsAsync
|
GeckoView
|
Sandboxing
|
m_kato
|
NEW
|
---
|
2024-01-24
|
| 1470288
|
|
Enable SANDBOX_FAILED_LAUNCH_KEYED out on release population
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1473381
|
|
2MB of heap-unclassified related to sandboxing on Windows
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1476101
|
|
Optimize Windows sandbox policy construction
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1476811
|
|
Investigate Windows child process launch failures
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-17
|
| 1498388
|
|
Enable PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_NO_LOW_LABEL for the parent process
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1508841
|
|
[Mac] Remove com.apple.CoreServices.coreservicesd from the content process sandbox
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1524694
|
|
[Mac] Fix gfx.color_management.display_profile for arbitrary profile paths
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1568850
|
|
Fix regressions when removing the application dir from the DLL search paths with MITIGATION_DLL_SEARCH_ORDER.
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1601079
|
|
Intermittent Return code: 3221225477
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-16
|
| 1611468
|
|
JUnit test failures due to content process crash are misreported
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2022-12-22
|
| 1664249
|
|
library preload crash when navigating with a pending update
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2021-01-05
|
| 1671667
|
|
Investigate 32-bit RDD process sandbox issue requiring dynamic code.
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2021-12-08
|
| 1671672
|
|
Investigate improving RDD process sandbox.
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2021-12-08
|
| 1698178
|
|
Ensure crash reports from isolated content processes work correctly.
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-01-26
|
| 1698214
|
|
Getting media permissions fails with Isolated Process
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-11-19
|
| 1698216
|
|
MediaSessionDelegate is not compatible with Isolated Process
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-01-26
|
| 1698230
|
|
MediaSession is not compatible with Isolated Process
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-02-23
|
| 1709923
|
|
Fix reftests for isolated process
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-09-26
|
| 1709948
|
|
Fix mochitests for isolated process
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-03-03
|
| 1709960
|
|
Fix web platform tests for isolated process
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-01-26
|
| 1709961
|
|
Fix xpcshell tests for isolated process
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-01-26
|
| 1710940
|
|
Crash event is not sent in isolated process
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-09-26
|
| 1719140
|
|
Crash in [@ mozilla::ContentProcessSandboxParams::ForThisProcess]
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2024-02-27
|
| 1748460
|
|
Allow more syscalls for nvidia-vaapi-driver, possibly behind a pref
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-06-26
|
| 1755777
|
|
resource://gre wont show some icons on Mac OS due to sandbox
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-02-16
|
| 1756207
|
|
Enable more robust CSM protections where available
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-02-18
|
| 1768102
|
|
PriorityHint test fails on Fission
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-02-01
|
| 1771965
|
|
Add GeckoRuntimeSetting API to enable Fission
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-02-01
|
| 1776924
|
|
[Fission] about:addons redirects to about:blank from about:about page
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-02-01
|
| 1776925
|
|
[Fission] Changing the device orientation makes tabs tray go into a wrong position
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-02-01
|
| 1776926
|
|
[Fission] Media Notification is not displayed in Android Notification bar
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-02-01
|
| 1776927
|
|
[Fission] Tabs View Media State is not shown when the tab is opened for the first time
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-02-01
|
| 1860950
|
|
Drop the disable-library-validation entitlement from the parent process executable
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-11-16
|
| 1884449
|
|
We allow some socket calls in RDD "for X11" but we don't allow X11
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2024-03-14
|
| 1888989
|
|
Linux Sandbox features (AppArmor user namespaces) silently disabled for some installation methods without any warning
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2024-04-04
|
| 1758653
|
|
Crash in [@ wups.dll | LdrGetDllHandleEx]
|
Core
|
Security: Process Sa
|
bobowencode
|
NEW
|
---
|
2022-03-24
|
| 1445824
|
|
Tests for Linux sandbox connect() brokering
|
Core
|
Security: Process Sa
|
jld
|
NEW
|
---
|
2022-10-11
|
| 1744849
|
|
PR_GET_SECCOMP doesn't need to be allowed
|
Core
|
Security: Process Sa
|
jld
|
NEW
|
---
|
2021-12-16
|
| 1756857
|
|
Make the sandbox not crash inside of libsanitizer's crash handler on UBSan builds
|
Core
|
Security: Process Sa
|
jld
|
NEW
|
---
|
2022-02-24
|
| 1754193
|
|
Reusing Surface handles after GPU process crash can lead to the wrong SurfaceTexture being used
|
GeckoView
|
Sandboxing
|
jnicol
|
NEW
|
---
|
2022-07-07
|
| 1768062
|
|
GMP In Utility
|
Core
|
Security: Process Sa
|
lissyx+mozillians
|
NEW
|
---
|
2023-09-26
|
| 1277597
|
|
COM security hardening in sandboxed content
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1307960
|
|
Service based child processes crash when android:isolatedProcess="true"
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-01-22
|
| 1409569
|
|
Enabling MITIGATION_FORCE_MS_SIGNED_BINS for content processes
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-03-16
|
| 1436509
|
|
Bring back sandboxed Address Sanitizer builds on Linux
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1439680
|
|
Stop using the sandbox levels prefs on macOS
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1441993
|
|
Block priority-inheriting futexes in sandboxed processes if possible
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-10
|
| 1451270
|
|
Investigate intermittent Windows 10 x64 debug GMP test failures when win32k is disabled.
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1460885
|
|
Re-enable SANDBOX_EXPORTS for MinGW
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1463202
|
|
Windows Audio over RDP does not resume when reconnecting
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1474293
|
|
content sandbox doesn't let libavcodec load on OpenSuse
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1476816
|
|
Investigate Android child process launch failures
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-01-26
|
| 1480122
|
|
Sandbox breaks with developer build and non-canonical objdir path
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1504559
|
|
[Mac] Investigate removing access to cfprefsd
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1510861
|
|
Restrict madvise in Linux content processes
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1511437
|
|
add image load mitigations to Win RDD sandbox
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1513348
|
|
Investigate CrashReporter assert when HANDLES_DUP_BROKER removed from RDD process Win sandbox
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1513773
|
|
Try to reduce code duplication in Set*Sandbox functions
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1528227
|
|
Add test to ensure that the use of LoaderThreads field in _RTL_USER_PROCESS_PARAMETERS remains viable.
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1529390
|
|
[Mac] Rename content process executable to something user friendly for Activity Monitor listing
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1539670
|
|
Assert that our Linux CI environment allows unprivileged user namespaces
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1539841
|
|
Stop allowing temp dir access for Windows content process under webrender
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1541246
|
|
SandboxBroker is eagerly stat'ing various directories during start-up before opening the first window
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1542413
|
|
Fenix's about:telemetry says e10sEnabled is false
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1544620
|
|
Crash reporter integration for the SIGSYS handler doesn't follow runtime disabling of crash reporter
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1553542
|
|
[linux] Don't put sandboxing state stuff on system-info (or only collect it lazily)
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-06-14
|
| 1553888
|
|
Lazily construct SandboxInfo singleton
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1560204
|
|
wininet.dll loaded in content process by webrtc to detect web proxy
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1561402
|
|
Add about:contentkill in order to simulate OS killing content process
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2022-12-22
|
| 1597408
|
|
enabling Vorbis decoding on RDD causing sandboxing failure on MinGW-clang
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1603706
|
|
Implement work round for DirectWrite font cache service sandbox issues
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1638823
|
|
Remove BrokerDuplicateHandle and AddTargetPeer from the windows sandbox
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2020-05-18
|
| 1673173
|
|
PR_GetNumberOfProcessors probably still hits fallback cases
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2021-12-20
|
| 1677208
|
|
Add GV/Fenix support for Fission subframe process crashes
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2022-07-07
|
| 1709698
|
|
Clean up fds in child process startup code
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-01-26
|
| 1724172
|
|
Eliminate duplicate inclusion of rlbox wasm sandboxed code in Firefox builds
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2021-10-26
|
| 1725252
|
|
Support BrowserContextGroup in GeckoView
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-01-26
|
| 1725258
|
|
Fission: Partition GeckoView content processes into separate pools
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-01-26
|
| 1725480
|
|
Enable use of the importance heuristic for content processes
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-01-12
|
| 1737092
|
|
Reduce the sandbox policy for non-Clearkey EME plugins
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2021-10-21
|
| 1737207
|
|
Audit RLBox register callbacks for sandboxes
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-24
|
| 1737467
|
|
Startup Crash in [@ logging::LogMessage::~LogMessage] via mozilla::SandboxBroker::LaunchApp
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2024-03-07
|
| 1738146
|
|
Linux sandbox file broker hardening
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2021-11-04
|
| 1738547
|
|
Fail at compile/build time when noop sandbox not properly configured
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2021-11-04
|
| 1739831
|
|
Fail Fast Exception crash with security.sandbox.content.level 20
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-01-07
|
| 1744751
|
|
Allow socket process to create MOZ_LOG_FILE and write logs
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-01-13
|
| 1746932
|
|
Crash in [@ MitLibTriggerFailFast]
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-01-13
|
| 1754959
|
|
--enable-sandbox support for more cpu architectures
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-02-21
|
| 1761134
|
|
Consider filtering getsockopt/setsockopt in content process sandbox
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-03-24
|
| 1768017
|
|
Crash in [@ RtlpWaitOnCriticalSection | RtlpEnterCriticalSectionContended | RtlEnterCriticalSection | bMakePathNameW]
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-08-08
|
| 1769785
|
|
Enforce minimum sandbox level in preferences
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-05-17
|
| 1772021
|
|
MOZ_LOG seems not working in GPU process
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-12-15
|
| 1776917
|
|
[Fission] Fenix tab crashes when attempting to access an unsecure page with HTTPS-Only Mode enabled
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-02-01
|
| 1782131
|
|
Implement something like Arbitrary Code Guard using seccomp-bpf
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-08-04
|
| 1783669
|
|
Use Less Privileged App Container (LPAC) for sandboxing
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-06-08
|
| 1786466
|
|
11.31 - 5.44% wikipedia ContentfulSpeedIndex / nytimes LastVisualChange + 2 more (Android, Linux) regression on Wed August 17 2022
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-02-01
|
| 1795810
|
|
Crash in mozilla::InstallSyscallFilter
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-07-04
|
| 1810736
|
|
Media decoding is not compatible with isolated process
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-03-18
|
| 1814214
|
|
[Windows] Add tests to verify that important files/folders **can't** be accessed
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-01-31
|
| 1816095
|
|
Perform OS/Env specific checks for win32k lockdown for processes other than content.
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-02-10
|
| 1821081
|
|
Fix tests that don't call GeckoDependentInitialize, but should require it.
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-03-08
|
| 1830300
|
|
force-enabled VAAPI/X11/Nvidia driver: libva-drm.so crash in [@ __socket]
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2024-02-26
|
| 1833222
|
|
Test different preallocated content process strategies for Android Fission
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-05-16
|
| 1835586
|
|
Enable MITIGATION_DYNAMIC_CODE_DISABLE (Arbitrary Code Guard, ACG) in GPU process on Windows
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-06-05
|
| 1848701
|
|
[gv-junit-fis] Improve process switch handling when loading error pages in Fission
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-11-14
|
| 1858573
|
|
Adopt macOS Launch Environment and Library Constraints
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-10-25
|
| 1864622
|
|
PDF content uri cannot be used in an isolated process
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2023-11-14
|
| 1869336
|
|
Investigate win32k and dynamic code warning events
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-12-11
|
| 1875620
|
|
[Fission] Tab history isn't displayed
|
GeckoView
|
Sandboxing
|
nobody
|
NEW
|
---
|
2024-04-12
|
| 1878187
|
|
Crash in [@ mozilla::EnterChroot]
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2024-02-22
|
| 1725308
|
|
Update rlbox update.sh to new moz.yaml format
|
Core
|
Security: Process Sa
|
shravanrn
|
NEW
|
---
|
2022-11-23
|
| 1622486
|
|
[macOS] Dedupe Mac sandbox policy files
|
Core
|
Security: Process Sa
|
haftandilian
|
NEW
|
---
|
2022-10-10
|
| 1577246
|
|
Devtools on Linux has various issues due to sandboxing on current mozilla-central
|
Core
|
Security: Process Sa
|
gpascutto
|
NEW
|
---
|
2022-10-11
|
| 1656096
|
|
Test browser_content_sandbox_syscalls.js Doesn't call execv() due to missing argument
|
Core
|
Security: Process Sa
|
haftandilian
|
NEW
|
---
|
2021-12-09
|
| 1603307
|
|
Migrate from SECCOMP_RET_TRAP to SECCOMP_RET_USER_NOTIF
|
Core
|
Security: Process Sa
|
jld
|
NEW
|
---
|
2022-10-11
|
| 1679863
|
|
HTMLCanvasElement.getContext is slow
|
Core
|
Security: Process Sa
|
jld
|
NEW
|
---
|
2022-03-02
|
| 1696958
|
|
[regression] File downloads failing with sandboxing
|
Core
|
Security: Process Sa
|
landry
|
NEW
|
---
|
2022-09-15
|
| 1433440
|
|
Assertion failure: lastSlash == 0, at /home/user/firefox/security/sandbox/linux/broker/SandboxBroker.cpp:294 for non-absolute cache path
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1576331
|
|
Investigate using syscall filtering in macOS Sandboxes
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1580654
|
|
Linux sandbox code does mainthread IO to check if all the allowed directories are directories
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-08-04
|
| 1600189
|
|
Cache linux sandbox read/write whitelists and `security.sandbox.content.force-namespace`
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1604269
|
|
Re-disallow recvmmsg (two 'm's) when PulseAudio is remoted
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1607980
|
|
Implement sandboxing on FreeBSD with Capsicum
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2023-10-19
|
| 1639494
|
|
Cache Windows sandbox read whitelist and `security.sandbox.logging.enabled` preferences
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1641401
|
|
Prune the socket process sandbox policy
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2021-12-08
|
| 1662321
|
|
Sandboxing issues with nsSystemInfo
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2020-09-14
|
| 1673771
|
|
Sandboxing will need to support a subset of `statx`
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2020-10-29
|
| 1702919
|
|
fallback to ximage for screensharing on openbsd to prevent a sandboxing violation
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2021-06-06
|
| 1710155
|
|
Chromium sandbox issues successive load/reload of plugin-container.exe
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2022-11-07
|
| 1724098
|
|
seccomp policy should account for umask's infallibility
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2021-08-05
|
| 1885704
|
|
Revive telemetry for SANDBOX_HAS_USER_NAMESPACES
|
Core
|
Security: Process Sa
|
jld
|
NEW
|
---
|
2024-03-15
|
| 1892884
|
|
Run GeckoSessionTestRuleTest#contentCrashIgnored with Fission
|
GeckoView
|
Sandboxing
|
m_kato
|
NEW
|
---
|
Tue 01:25
|
| 1875230
|
|
Investigate how to allow DNS lookups in the socket process
|
Core
|
Security: Process Sa
|
nobody
|
NEW
|
---
|
2024-02-02
|
| 1696387
|
|
DWrite caching can break and not be able to reconnect with a strong sandbox.
|
Core
|
Security: Process Sa
|
bobowencode
|
ASSI
|
---
|
2022-01-07
|
| 1878638
|
|
Remove handle duplication rules for Windows process sandboxes
|
Core
|
Security: Process Sa
|
bobowencode
|
ASSI
|
---
|
2024-02-22
|
| 1892051
|
|
Only call WinUtils::GetPointerExplanation in the parent process.
|
Core
|
Security: Process Sa
|
bobowencode
|
ASSI
|
---
|
2024-04-17
|
| 1884684
|
|
(SHIP) Wpt test suite times out when SHIP (session history in parent) is enabled
|
GeckoView
|
Sandboxing
|
peterv
|
ASSI
|
---
|
2024-03-15
|
| 1732421
|
|
Delay loading should use LOAD_WITH_ALTERED_SEARCH_PATH
|
Core
|
Security: Process Sa
|
bobowencode
|
ASSI
|
---
|
2023-06-22
|
| 1831036
|
|
Ship untrusted integrity on content process and extension process for Windows to release
|
Core
|
Security: Process Sa
|
bobowencode
|
ASSI
|
---
|
2024-04-17
|
| 1879356
|
|
Remove remote sandbox broker
|
Core
|
Security: Process Sa
|
bobowencode
|
ASSI
|
---
|
2024-02-08
|
| 1891986
|
|
Loading font files from %windir%\Fonts via broker causes regressions on some cold performance tests.
|
Core
|
Security: Process Sa
|
bobowencode
|
ASSI
|
---
|
2024-04-18
|
| 1434134
|
|
Remove a few PulseAudio-specific sandboxing rules missed in bug 1386019
|
Core
|
Security: Process Sa
|
lissyx+mozillians
|
ASSI
|
---
|
2024-02-27
|
| 1759167
|
|
Revert the CreatorsUpdate Restriction on Win32k Lockdown
|
Core
|
Security: Process Sa
|
bobowencode
|
REOP
|
---
|
2023-06-06
|
| 1447019
|
|
Use MITIGATION_WIN32K_DISABLE flag for GMP process.
|
Core
|
Security: Process Sa
|
nobody
|
REOP
|
---
|
2023-08-18
|
| 1860062
|
|
Tighten GPU Sandbox Further
|
Core
|
Security: Process Sa
|
cmartin
|
REOP
|
---
|
2024-03-06
|
| 1634178
|
|
JS exception thrown when content process is terminated
|
GeckoView
|
Sandboxing
|
nobody
|
REOP
|
---
|
2024-02-01
|
| 1836257
|
|
Intermittent application crashed [@ sandbox::InterceptionAgent::OnDllLoad] | single tracking bug
|
Core
|
Security: Process Sa
|
nobody
|
REOP
|
---
|
2024-04-14
|
| 1841944
|
|
Intermittent MOZ_CRASH(Plugin file does not exist) [@ mozilla::gmp::GMPChild::GetUTF8LibPath] | single tracking bug
|
Core
|
Security: Process Sa
|
nobody
|
REOP
|
---
|
Wed 06:43
|