This is CVE-2020-15999.
* src/sfnt/pngshim.c (Load_SBit_Png): Test bitmap size earlier.
| |
This avoids a number of problems with incomplete sanitation.
| |
The root cause in this bug is that the connection info used by
'SpdyConnectTransaction' is the same instance as the connection info in
'nsHttpTransaction', so we should clone it and let 'SpdyConnectTransaction' use
the cloned one.
| |
The original patch handled the grow case but not the shrink case. When the
current and new allocation sizes are in different size classes, jemalloc's
realloc will move the allocation when shrinking, not just truncate the existing
one.
Based on work by Jon Coppeard.
| |
This fix is included in NSPR 4.27 and Mozilla bug 1652330.
Also put a main thread check in the cocoa draw callback.
| |
This involves refactoring the vibrancy and OpenGL/Pixel rendering changes contained
in the following Mozilla meta bugs: 1496823 and 1491445
Also add Big Sur to the features tests and update popup menu look and feel based
on Mozilla bug 1656301.
| |
jemalloc
| |
Since several entities have started to ban .9 versions, even if they are valid
ESR versions.
| |
Also adds options for new functionality in #1683
| |
This has been broken for 11 years. About time it's fixed.
Tag #1683
| |
There don't seem to be any drawbacks to this; tested for the past month disabled
and there have been no issues with any sites visited. Adoption seems very low.
| |
This was a leftover from HPKP removal.
Also remove a couple of unused variables from security/manager/ssl/nsSiteSecurityService.cpp.
| |
This is required for UniquePtr to accept <void>,
which is required for PseudoHandle = mozilla::UniquePtr<T, JS::FreePolicy>;
in turn for mozilla::SegmentedVector<PseudoHandle<void>> uniquePtrArena_;
Tag #1679
| |
Tag #1679
| |
While we do fail a couple of tests, the other mainstream browsers also fail them and I think our implementation of tab-size is good enough to be unprefixed at this point. Having this patch also makes testing easier.
| |
This provides a clearer rule for the minimum tab advance that brings us to alignment with the spec and both major browsers.
| |
There were a few typos in the previous patch and this patch also makes tab-size animatable which didn't really require much of a change at all.
| |
Currently -moz-tab-size only accepts <number> values, and both Chrome and Firefox currently support <length> values and have for some time now. So with this you would be able to support sizes in px or em, for instance. This was implemented in Firefox 53 and was trivial to backport.
| |
Rename MCP back to MoonchildProductions.
| |
This logic was missing for tfoot. See existing code in second hunk.
| |
This prevents a potential race and simplifies the code a bit by keeping the
bytes read separate instead of using mData, which is modified from another
thread from OnDataAvailable.
Relaxed atomics are fine for these, since they don't guard any memory.
| |
the image blocking status appropriately.
This is the same status as we do for known no-data protocols and ensures we
treat these two cases the same.
| |
This actually keeps both pseudo-elements for now, since the prefixed version is
still used internally, but we need the unprefixed version for web compat.
Note: while unprefixing a non-spec-compliant pseudo here, it's exactly in line
with what other browsers do. Nobody is following the spec here and at least
we'll be doing what everyone else is with our unprefixed version.
| |
Mozilla's original implementation of this failed a couple of tests, but this seems to solve all the problems. Basically, the caret-color wasn't able to be set differently based on whether a link was visited, and the auto value implementation was incomplete. The only test we fail now is the one where you have grey text on a grey background and the caret is supposed to be visible, but I think that may have been removed from the spec. Even if it wasn't, no other browser supports it anyway.
| |
This CSS property allows input carets (that blinking input cursor you see in text fields) to be given a custom color. This was implemented in Firefox 53, and it was such a minor feature that no one ever missed it, but I don't see any harm in implementing this.
https://bugzilla.mozilla.org/show_bug.cgi?id=1063162
| |
Presentation of a document is destroyed.
| |
Tag #1666
| |
This aligns with the current spec regarding overflow-wrap: break-word and
overflow-wrap: anywhere in whether it affects intrinsic sizes due to considering
soft-wrap opportunities or not.
See CSS Text Module Level 3, Editor’s Draft, 1 October 2020, Section 5.5
| |
intrinsic size.
| |
Revise Commit message style and add Follow-up form
| |
I got very anxious about making sure I included VARIANT_OPACITY in all the places VARIANT_NUMBER was included to make sure it couldn't possibly break unexpectedly, and that led to me accidentally breaking a mechanism that prevented percentages from serializing as numbers in other parts of the code. It was a total accident, and these additions were unnecessary. Basically, the situation is that there was one part of the code where it determines what's allowed for the flex statement (and possibly other statements) by checking whether it got stored as a "number", and basically only disallows percentages if it attempted to store/serialize them as percentages.
However, it only got to that part of the code because I accidentally allowed VARIANT_OPACITY as a valid way for certain tokens to parse where it wasn't necessary. If it tries to parse it that way under very specific circumstances... percentages will be marked valid and fed through the system as numbers rather than being rejected and not serialized at all, because the check to disallow percentages there relied on them being stored as percentages.
It's a really weird thing to have a problem with in a lot of ways, because if percentages aren't allowed in a field, you would think people wouldn't try to use them there, much less depend on the broken behavior that results from them not parsing as a related value.
| |
This fixes some crashing scenarios.
| |
ResizeObserverNotificationHelper::Unregister
A race condition seemed to exist between tab destruction and un-registering a ResizeObserver resulting in a null deref crash.
The original reporter in Forum Topic 25311 experienced this on msn.com so that was the functional test reference.