| r3035) | modules/zlib/src/gzio.c:80 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3036) | modules/zlib/src/gzio.c:81 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3037) | modules/zlib/src/gzio.c:83 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3038) | modules/zlib/src/gzio.c:198 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3039) | modules/zlib/src/gzio.c:527 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3040) | modules/zlib/src/gzio.c:552 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3047) | modules/zlib/src/minigzip.c:873 High: strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3048) | modules/zlib/src/minigzip.c:104 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3049) | modules/zlib/src/minigzip.c:172 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3050) | modules/zlib/src/minigzip.c:199 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3051) | modules/zlib/src/minigzip.c:228 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3052) | modules/zlib/src/minigzip.c:276 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3055) | netwerk/base/public/nsReadLine.h:204 High: strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3056) | netwerk/base/public/nsReadLine.h:243 High: strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3057) | netwerk/base/src/nsAsyncStreamListener.cpp:39 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3058) | netwerk/base/src/nsAutodialWin.cpp:242 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3059) | netwerk/base/src/nsBufferedStreams.cpp:693 High: LoadLibrary: LoadLibrary will search several places for a library if no path is specified, allowing trojan DLL's to be inserted elsewhere even if the intended DLL is correctly protected from overwriting. Make sure to specify the full path.
|
| r3060) | netwerk/base/src/nsBufferedStreams.cpp:742 High: LoadLibrary: LoadLibrary will search several places for a library if no path is specified, allowing trojan DLL's to be inserted elsewhere even if the intended DLL is correctly protected from overwriting. Make sure to specify the full path.
|
| r3061) | netwerk/base/src/nsDirectoryIndexStream.cpp:97 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3062) | netwerk/base/src/nsNetModRegEntry.cpp:408 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3063) | netwerk/base/src/nsNetModRegEntry.cpp:160 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3064) | netwerk/base/src/nsSocketTransport.cpp:161 High: PL_strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3065) | netwerk/base/src/nsStandardURL.cpp:655 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3066) | netwerk/base/src/nsStandardURL.cpp:788 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3067) | netwerk/base/src/nsStandardURL.cpp:1651 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3068) | netwerk/base/src/nsAutodialWin.h:97 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3070) | netwerk/cache/src/nsANSIFileStreams.cpp:175 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3071) | netwerk/cache/src/nsANSIFileStreams.cpp:212 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3072) | netwerk/cache/src/nsANSIFileStreams.cpp:290 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3073) | netwerk/cache/src/nsDiskCacheEntry.cpp:163 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3074) | netwerk/cache/src/nsDiskCacheEntry.cpp:313 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3075) | netwerk/cache/src/nsDiskCacheMap.cpp:112 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3076) | netwerk/cache/src/nsDiskCacheStreams.cpp:596 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3077) | netwerk/cache/src/nsDiskCacheStreams.cpp:614 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3078) | netwerk/cache/src/nsDiskCacheStreams.cpp:852 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3079) | netwerk/cache/src/nsDiskCacheStreams.cpp:888 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3080) | netwerk/cache/src/nsDiskCacheEntry.h:763 Medium: realloc: Don't use on memory intended to be secure, because the old structure will not be zeroed out.
|
| r3081) | netwerk/dns/daemon/nsDnsAsyncLookup.cpp:53 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3083) | netwerk/dns/daemon/nsDnsAsyncLookup.cpp:126 High: gethostbyname: DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.
|
| r3084) | netwerk/dns/daemon/nsDnsAsyncLookup.cpp:414 High: gethostbyname: DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.
|
| r3087) | netwerk/dns/daemon/nsDnsAsyncLookup.cpp:412 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3088) | netwerk/dns/daemon/nsDnsAsyncLookup.cpp:522 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3089) | netwerk/dns/daemon/nsDnsAsyncLookup.cpp:574 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3090) | netwerk/dns/daemon/nsDnsAsyncLookup.cpp:608 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3091) | netwerk/dns/daemon/nsDnsAsyncLookup.cpp:511 Medium: signal: When setting signal handlers, do not use the same function to handle multiple signals. There exists the possibility a race condition will result if 2 or more different signals are sent to the process at nearly the same time. Also, when writing signal handlers, it is best to do as little as possible in them. The best strategy is to use the signal handler to set a flag, that another part of the program tests and performs the appropriate action(s) when it is set. See also: http://razor.bindview.com/publish/papers/signals.txt
|
| r3092) | netwerk/dns/src/nsDnsService.cpp:631 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3093) | netwerk/dns/src/nsDnsService.cpp:825 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3094) | netwerk/dns/src/nsDnsService.cpp:963 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3095) | netwerk/dns/src/nsDnsService.cpp:1698 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3096) | netwerk/dns/src/nsDnsService.cpp:1719 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3097) | netwerk/dns/src/nsDnsService.cpp:1744 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3098) | netwerk/dns/src/nsDnsService.cpp:1772 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3100) | netwerk/mime/src/nsXMLMIMEDataSource.cpp:387 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3101) | netwerk/mime/src/nsXMLMIMEDataSource.cpp:756 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3102) | netwerk/mime/src/nsXMLMIMEDataSource.cpp:768 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3103) | netwerk/protocol/about/src/nsAboutBloat.cpp:668 High: smprintf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3104) | netwerk/protocol/about/src/nsAboutCache.cpp:132 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3105) | netwerk/protocol/about/src/nsAboutCacheEntry.cpp:284 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3106) | netwerk/protocol/http/src/nsHttpAuthCache.cpp:429 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3107) | netwerk/protocol/http/src/nsHttpBasicAuth.cpp:166 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3108) | netwerk/protocol/http/src/nsHttpChannel.cpp:109 High: PL_strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3109) | netwerk/protocol/http/src/nsHttpDigestAuth.cpp:707 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3110) | netwerk/protocol/http/src/nsHttpDigestAuth.cpp:961 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3111) | netwerk/protocol/http/src/nsHttpHandler.cpp:80 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3112) | netwerk/protocol/http/src/nsHttpHandler.cpp:143 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3113) | netwerk/protocol/http/src/nsHttpHandler.cpp:144 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3114) | netwerk/protocol/http/src/nsHttpHandler.cpp:145 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3115) | netwerk/protocol/http/src/nsHttpHandler.cpp:146 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3116) | netwerk/protocol/http/src/nsHttpHandler.cpp:193 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3117) | netwerk/protocol/http/src/nsHttpHandler.cpp:406 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3118) | netwerk/protocol/http/src/nsHttpResponseHead.cpp:1598 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3119) | netwerk/protocol/http/src/nsHttpResponseHead.cpp:1696 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3120) | netwerk/protocol/http/src/nsHttpDigestAuth.h:73 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3121) | netwerk/socket/base/nsSOCKSIOLayer.cpp:96 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3122) | netwerk/streamconv/converters/nsFTPDirListingConv.cpp:242 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3123) | netwerk/streamconv/converters/nsFTPDirListingConv.cpp:244 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3124) | netwerk/streamconv/converters/nsFTPDirListingConv.cpp:469 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3125) | netwerk/streamconv/converters/nsFTPDirListingConv.cpp:471 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3126) | netwerk/streamconv/converters/nsFTPDirListingConv.cpp:566 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3127) | netwerk/streamconv/converters/nsGopherDirListingConv.cpp:376 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3128) | netwerk/streamconv/converters/nsMultiMixedConv.cpp:62 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3129) | netwerk/streamconv/converters/nsUnknownDecoder.cpp:500 Medium: realloc: Don't use on memory intended to be secure, because the old structure will not be zeroed out.
|
| r3130) | netwerk/streamconv/converters/ParseFTPList.cpp:220 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3131) | netwerk/streamconv/converters/ParseFTPList.cpp:86 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3132) | netwerk/streamconv/converters/ParseFTPList.cpp:91 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3133) | netwerk/streamconv/converters/ParseFTPList.cpp:1743 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3134) | netwerk/streamconv/converters/nsBinHexDecoder.h:1657 Medium: realloc: Don't use on memory intended to be secure, because the old structure will not be zeroed out.
|
| r3135) | netwerk/streamconv/converters/ParseFTPList.h:78 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3136) | netwerk/streamconv/converters/ParseFTPList.h:137 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3137) | netwerk/streamconv/test/Converters.cpp:103 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3138) | netwerk/streamconv/test/Converters.cpp:115 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3139) | netwerk/test/PropertiesTest.cpp:25 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3140) | netwerk/test/TestCacheBlockFiles.cpp:110 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3141) | netwerk/test/TestCacheBlockFiles.cpp:66 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3142) | netwerk/test/TestCacheBlockFiles.cpp:67 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3143) | netwerk/test/TestCacheBlockFiles.cpp:72 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3144) | netwerk/test/TestCacheBlockFiles.cpp:710 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3145) | netwerk/test/TestCacheBlockFiles.cpp:711 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3146) | netwerk/test/TestCacheBlockFiles.cpp:712 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3147) | netwerk/test/TestCacheBlockFiles.cpp:713 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3148) | netwerk/test/TestCacheMgr.cpp:209 Medium: srand: Standard random number generators should not be used to generate randomness used for security reasons. For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.
|
| r3149) | netwerk/test/TestDNSDaemon.cpp:208 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3150) | netwerk/test/TestDNSDaemon.cpp:335 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3151) | netwerk/test/TestDNSDaemon.cpp:336 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3152) | netwerk/test/TestDNSDaemon.cpp:429 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3153) | netwerk/test/TestDNSDaemon.cpp:431 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3154) | netwerk/test/TestDNSDaemon.cpp:432 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3155) | netwerk/test/TestDNSDaemon.cpp:433 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3158) | netwerk/test/TestDNSDaemon.cpp:87 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3159) | netwerk/test/TestDNSDaemon.cpp:130 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3160) | netwerk/test/TestDNSDaemon.cpp:211 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3161) | netwerk/test/TestFileInput.cpp:260 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3162) | netwerk/test/TestFileInput.cpp:142 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3163) | netwerk/test/TestFileInput2.cpp:148 High: printf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3164) | netwerk/test/TestFileTransport.cpp:217 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3165) | netwerk/test/TestFileTransport.cpp:310 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3166) | netwerk/test/TestHttp.cpp:133 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3167) | netwerk/test/TestMCTransport.cpp:62 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3168) | netwerk/test/TestOverlappedIO.cpp:137 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3169) | netwerk/test/TestOverlappedIO.cpp:205 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3170) | netwerk/test/TestOverlappedIO.cpp:115 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3171) | netwerk/test/TestOverlappedIO.cpp:236 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3172) | netwerk/test/TestOverlappedIO.cpp:311 High: PR_smprintf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3173) | netwerk/test/TestPageLoad.cpp:271 Medium: signal: When setting signal handlers, do not use the same function to handle multiple signals. There exists the possibility a race condition will result if 2 or more different signals are sent to the process at nearly the same time. Also, when writing signal handlers, it is best to do as little as possible in them. The best strategy is to use the signal handler to set a flag, that another part of the program tests and performs the appropriate action(s) when it is set. See also: http://razor.bindview.com/publish/papers/signals.txt
|
| r3174) | netwerk/test/TestPageLoad.cpp:273 Medium: signal: When setting signal handlers, do not use the same function to handle multiple signals. There exists the possibility a race condition will result if 2 or more different signals are sent to the process at nearly the same time. Also, when writing signal handlers, it is best to do as little as possible in them. The best strategy is to use the signal handler to set a flag, that another part of the program tests and performs the appropriate action(s) when it is set. See also: http://razor.bindview.com/publish/papers/signals.txt
|
| r3175) | netwerk/test/TestPageLoad.cpp:90 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3176) | netwerk/test/TestPageLoad.cpp:201 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3177) | netwerk/test/TestPageLoad.cpp:115 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3178) | netwerk/test/TestPageLoad.cpp:144 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3179) | netwerk/test/TestPerf.cpp:118 High: sscanf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3180) | netwerk/test/TestProtocols.cpp:28 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3181) | netwerk/test/TestProtocols.cpp:78 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3182) | netwerk/test/TestProtocols.cpp:185 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3183) | netwerk/test/TestProtocols.cpp:281 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3184) | netwerk/test/TestProtocols.cpp:301 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3185) | netwerk/test/TestProtocols.cpp:525 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3186) | netwerk/test/TestProtocols.cpp:567 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3187) | netwerk/test/TestRawCache.cpp:569 High: scanf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3188) | netwerk/test/TestRes.cpp:218 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3189) | netwerk/test/TestRes.cpp:323 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3190) | netwerk/test/TestRes.cpp:358 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3191) | netwerk/test/TestRes.cpp:424 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3192) | netwerk/test/TestRes.cpp:482 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3193) | netwerk/test/TestRes.cpp:527 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3194) | netwerk/test/TestRes.cpp:528 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3195) | netwerk/test/TestRes.cpp:586 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3196) | netwerk/test/TestRes.cpp:588 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3197) | netwerk/test/TestRes.cpp:589 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3198) | netwerk/test/TestSocketInput.cpp:102 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3199) | netwerk/test/TestSocketInput.cpp:187 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3200) | netwerk/test/TestSocketInput.cpp:114 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3201) | netwerk/test/TestSocketIO.cpp:120 High: printf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3202) | netwerk/test/TestSocketIO.cpp:115 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3203) | netwerk/test/TestSocketIO.cpp:231 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3204) | netwerk/test/TestSocketIO.cpp:315 High: PR_smprintf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3205) | netwerk/test/TestSocketTransport.cpp:266 Medium: signal: When setting signal handlers, do not use the same function to handle multiple signals. There exists the possibility a race condition will result if 2 or more different signals are sent to the process at nearly the same time. Also, when writing signal handlers, it is best to do as little as possible in them. The best strategy is to use the signal handler to set a flag, that another part of the program tests and performs the appropriate action(s) when it is set. See also: http://razor.bindview.com/publish/papers/signals.txt
|
| r3206) | netwerk/test/TestSocketTransport.cpp:268 Medium: signal: When setting signal handlers, do not use the same function to handle multiple signals. There exists the possibility a race condition will result if 2 or more different signals are sent to the process at nearly the same time. Also, when writing signal handlers, it is best to do as little as possible in them. The best strategy is to use the signal handler to set a flag, that another part of the program tests and performs the appropriate action(s) when it is set. See also: http://razor.bindview.com/publish/papers/signals.txt
|
| r3207) | netwerk/test/TestSyncHTTP.cpp:260 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3208) | netwerk/test/TestThreadedIO.cpp:78 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3209) | netwerk/test/TestUpload.cpp:138 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3210) | netwerk/test/TestUpload.cpp:173 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3211) | netwerk/test/TestWriteSpeed.cpp:97 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3212) | netwerk/test/TestWriteStream.cpp:86 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3213) | netwerk/test/urltest.cpp:126 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3214) | netwerk/test/urltest.cpp:176 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3230) | nsprpub/lib/libc/include/plstr.h:282 Medium: lstat: A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 287 (unlink), 290 (mkdir), 292 (chown), 334 (lchown)
|
| r3231) | nsprpub/lib/libc/include/plstr.h:91 High: PL_strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3232) | nsprpub/lib/libc/src/strcat.c:177 High: PL_strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3233) | nsprpub/lib/libc/src/strcpy.c:38 High: PL_strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3234) | nsprpub/lib/libc/src/strdup.c:38 High: PL_strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3235) | nsprpub/lib/msgc/src/prgcapi.c:52 High: PL_strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3236) | nsprpub/lib/msgc/src/prmsgc.c:276 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3237) | nsprpub/lib/msgc/src/prmsgc.c:455 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3238) | nsprpub/lib/msgc/src/prmsgc.c:3487 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3239) | nsprpub/lib/msgc/src/unixgc.c:1945 High: fprintf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3240) | nsprpub/lib/msgc/src/unixgc.c:1974 High: fprintf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3241) | nsprpub/lib/msgc/src/unixgc.c:3471 High: fprintf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3243) | nsprpub/lib/prstreams/prstrms.cpp:143 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3244) | nsprpub/lib/prstreams/prstrms.cpp:243 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3317) | nsprpub/pr/include/gencfg.c:3032 High: PL_strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3318) | nsprpub/pr/include/gencfg.c:3033 High: PL_strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3319) | nsprpub/pr/include/prio.h:193 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3320) | nsprpub/pr/include/prio.h:210 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3321) | nsprpub/pr/include/prprf.h:167 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3322) | nsprpub/pr/include/prprf.h:169 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3323) | nsprpub/pr/include/prprf.h:177 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3324) | nsprpub/pr/include/prprf.h:179 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3325) | nsprpub/pr/include/prprf.h:192 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3326) | nsprpub/pr/include/prprf.h:73 High: PR_smprintf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3328) | nsprpub/pr/include/prprf.h:87 High: PR_sprintf_append: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3329) | nsprpub/pr/include/prprf.h:103 High: PR_fprintf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3330) | nsprpub/pr/include/prprf.h:109 High: PR_vsmprintf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3332) | nsprpub/pr/include/prprf.h:110 High: PR_vsprintf_append: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3333) | nsprpub/pr/include/prprf.h:112 High: PR_vfprintf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3334) | nsprpub/pr/include/prprf.h:147 High: PR_sscanf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3335) | nsprpub/pr/include/md/sunos4.h:147 High: PR_sscanf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3353) | nsprpub/pr/include/md/sunos4.h:100 Medium: fgetc: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3354) | nsprpub/pr/include/md/sunos4.h:124 Medium: srand48: Standard random number generators should not be used to generate randomness used for security reasons. For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.
|
| r3357) | nsprpub/pr/include/md/_macos.h:152 Medium: lstat: A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 112 (remove), 144 (rename)
|
| r3358) | nsprpub/pr/include/md/_pcos.h:604 High: gethostbyaddr: DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.
|
| r3359) | nsprpub/pr/include/md/_unixos.h:59 High: getopt: Truncate all input strings to a reasonable length before passing them to this function
|
| r3360) | nsprpub/pr/include/md/_win16.h:587 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3361) | nsprpub/pr/src/cplus/rcfileio.cpp:137 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3364) | nsprpub/pr/src/io/prlayer.c:256 High: PR_fprintf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3365) | nsprpub/pr/src/io/prlog.c:638 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3366) | nsprpub/pr/src/io/prpolevt.c:197 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3367) | nsprpub/pr/src/io/prpolevt.c:301 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3368) | nsprpub/pr/src/io/prpolevt.c:406 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3369) | nsprpub/pr/src/io/prprf.c:503 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3370) | nsprpub/pr/src/io/prprf.c:253 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3371) | nsprpub/pr/src/io/prprf.c:293 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3372) | nsprpub/pr/src/io/prprf.c:340 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3373) | nsprpub/pr/src/io/prprf.c:341 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3374) | nsprpub/pr/src/io/prprf.c:710 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3378) | nsprpub/pr/src/io/prprf.c:1109 High: PR_smprintf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3379) | nsprpub/pr/src/io/prprf.c:1115 High: PR_vsmprintf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3380) | nsprpub/pr/src/io/prprf.c:1128 High: PR_vsmprintf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3382) | nsprpub/pr/src/io/prprf.c:1209 High: PR_sprintf_append: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3383) | nsprpub/pr/src/io/prprf.c:1215 High: PR_vsprintf_append: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3384) | nsprpub/pr/src/io/prprf.c:1220 High: PR_vsprintf_append: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3385) | nsprpub/pr/src/io/prscanf.c:1215 High: PR_vsprintf_append: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3386) | nsprpub/pr/src/io/prscanf.c:1220 High: PR_vsprintf_append: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3387) | nsprpub/pr/src/io/prscanf.c:228 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3388) | nsprpub/pr/src/io/prscanf.c:338 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3389) | nsprpub/pr/src/io/prscanf.c:654 High: PR_sscanf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3390) | nsprpub/pr/src/io/prstdio.c:654 High: PR_sscanf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3391) | nsprpub/pr/src/io/prstdio.c:42 High: PR_fprintf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3392) | nsprpub/pr/src/io/prstdio.c:48 High: PR_vfprintf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3393) | nsprpub/pr/src/io/prstdio.c:53 High: PR_vfprintf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3394) | nsprpub/pr/src/linking/prlink.c:57 High: PR_vsmprintf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3402) | nsprpub/pr/src/linking/prlink.c:547 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3403) | nsprpub/pr/src/linking/prlink.c:646 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3404) | nsprpub/pr/src/linking/prlink.c:870 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3405) | nsprpub/pr/src/malloc/prmalloc.c:618 High: LoadLibrary: LoadLibrary will search several places for a library if no path is specified, allowing trojan DLL's to be inserted elsewhere even if the intended DLL is correctly protected from overwriting. Make sure to specify the full path.
|
| r3406) | nsprpub/pr/src/malloc/prmalloc.c:313 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3407) | nsprpub/pr/src/malloc/prmalloc.c:331 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3409) | nsprpub/pr/src/malloc/prmem.c:65 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3411) | nsprpub/pr/src/md/beos/bfile.c:343 Medium: realloc: Don't use on memory intended to be secure, because the old structure will not be zeroed out.
|
| r3412) | nsprpub/pr/src/md/beos/bfile.c:448 Medium: realloc: Don't use on memory intended to be secure, because the old structure will not be zeroed out.
|
| r3413) | nsprpub/pr/src/md/beos/bfile.c:493 Medium: realloc: Don't use on memory intended to be secure, because the old structure will not be zeroed out.
|
| r3414) | nsprpub/pr/src/md/beos/bfile.c:660 Medium: realloc: Don't use on memory intended to be secure, because the old structure will not be zeroed out.
|
| r3415) | nsprpub/pr/src/md/beos/bfile.c:229 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3416) | nsprpub/pr/src/md/mac/macdll.c:502 Medium: access: A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 532 (mkdir), 547 (rmdir)
|
| r3417) | nsprpub/pr/src/md/mac/macio.c:395 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3418) | nsprpub/pr/src/md/mac/macio.c:542 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3419) | nsprpub/pr/src/md/mac/macio.c:1616 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3422) | nsprpub/pr/src/md/mac/macio.c:1392 Medium: realloc: Don't use on memory intended to be secure, because the old structure will not be zeroed out.
|
| r3423) | nsprpub/pr/src/md/mac/macsockotpt.c:943 Medium: stat: A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 1572 (fopen)
|
| r3424) | nsprpub/pr/src/md/mac/macsockotpt.c:788 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3425) | nsprpub/pr/src/md/mac/macsockotpt.c:913 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3426) | nsprpub/pr/src/md/mac/macsockotpt.c:2149 High: gethostbyname: DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.
|
| r3427) | nsprpub/pr/src/md/mac/macsockotpt.c:2199 High: gethostbyname: DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.
|
| r3428) | nsprpub/pr/src/md/mac/mdmac.c:2190 High: gethostbyaddr: DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.
|
| r3430) | nsprpub/pr/src/md/mac/macsocket.h:647 High: PR_vsmprintf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3431) | nsprpub/pr/src/md/mac/macsocket.h:66 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3432) | nsprpub/pr/src/md/mac/macsocket.h:79 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3433) | nsprpub/pr/src/md/mac/macsocket.h:212 High: gethostbyname: DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.
|
| r3434) | nsprpub/pr/src/md/os2/os2io.c:213 High: gethostbyaddr: DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.
|
| r3435) | nsprpub/pr/src/md/os2/os2io.c:410 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3436) | nsprpub/pr/src/md/os2/os2io.c:502 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3437) | nsprpub/pr/src/md/os2/os2io.c:527 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3438) | nsprpub/pr/src/md/os2/os2misc.c:529 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3440) | nsprpub/pr/src/md/os2/os2misc.c:141 High: strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3441) | nsprpub/pr/src/md/os2/os2misc.c:250 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3442) | nsprpub/pr/src/md/os2/os2misc.c:251 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3443) | nsprpub/pr/src/md/os2/os2misc.c:252 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3444) | nsprpub/pr/src/md/os2/os2misc.c:298 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3445) | nsprpub/pr/src/md/os2/os2misc.c:333 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3446) | nsprpub/pr/src/md/os2/os2misc.c:330 High: sprintf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3447) | nsprpub/pr/src/md/unix/aix.c:330 High: sprintf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3449) | nsprpub/pr/src/md/unix/irix.c:473 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3450) | nsprpub/pr/src/md/unix/irix.c:1167 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3451) | nsprpub/pr/src/md/unix/irix.c:1168 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3452) | nsprpub/pr/src/md/unix/irix.c:1269 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3453) | nsprpub/pr/src/md/unix/irix.c:1270 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3457) | nsprpub/pr/src/md/unix/nextstep.c:93 Medium: tmpfile: Many calls for generating temporary file names are insecure (susceptible to race conditions). Use a securely generated file name, for example, by pulling 64 bits of randomness from /dev/random, base 64 encoding it and using that as a file suffix.
|
| r3458) | nsprpub/pr/src/md/unix/scoos.c:169 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3459) | nsprpub/pr/src/md/unix/solaris.c:93 Medium: tmpfile: Many calls for generating temporary file names are insecure (susceptible to race conditions). Use a securely generated file name, for example, by pulling 64 bits of randomness from /dev/random, base 64 encoding it and using that as a file suffix.
|
| r3460) | nsprpub/pr/src/md/unix/unix.c:485 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3466) | nsprpub/pr/src/md/unix/unix.c:329 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3467) | nsprpub/pr/src/md/unix/unix.c:799 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3468) | nsprpub/pr/src/md/unix/unix.c:1700 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3469) | nsprpub/pr/src/md/unix/unix.c:1721 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3470) | nsprpub/pr/src/md/unix/unix.c:1917 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3471) | nsprpub/pr/src/md/unix/unix.c:1935 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3472) | nsprpub/pr/src/md/unix/unix.c:2000 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3473) | nsprpub/pr/src/md/unix/unixware.c:268 Medium: access: A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 146 (opendir), 210 (unlink)
|
| r3474) | nsprpub/pr/src/md/unix/uxproces.c:96 Medium: tmpfile: Many calls for generating temporary file names are insecure (susceptible to race conditions). Use a securely generated file name, for example, by pulling 64 bits of randomness from /dev/random, base 64 encoding it and using that as a file suffix.
|
| r3475) | nsprpub/pr/src/md/unix/uxproces.c:174 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3476) | nsprpub/pr/src/md/unix/uxproces.c:692 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3477) | nsprpub/pr/src/md/unix/uxrng.c:720 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3478) | nsprpub/pr/src/md/unix/uxshm.c:163 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3479) | nsprpub/pr/src/md/unix/uxshm.c:78 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3480) | nsprpub/pr/src/md/unix/uxshm.c:228 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3481) | nsprpub/pr/src/md/unix/uxshm.c:316 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3482) | nsprpub/pr/src/md/unix/uxshm.c:454 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3483) | nsprpub/pr/src/md/windows/ntio.c:106 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3484) | nsprpub/pr/src/md/windows/ntio.c:344 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3485) | nsprpub/pr/src/md/windows/ntio.c:2737 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3486) | nsprpub/pr/src/md/windows/ntio.c:2887 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3487) | nsprpub/pr/src/md/windows/ntio.c:2996 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3488) | nsprpub/pr/src/md/windows/ntmisc.c:2746 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3489) | nsprpub/pr/src/md/windows/ntmisc.c:2889 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3491) | nsprpub/pr/src/md/windows/ntmisc.c:461 High: CreateProcess: Many program execution commands under Windows will search the path for a program if you do not explicitly specify a full path to the file. This can allow trojans to be executed instead. Also, be sure to specify a file extension, since otherwise multiple extensions will be tried by the operating system, providing another opportunity for trojans.
|
| r3492) | nsprpub/pr/src/md/windows/ntsec.c:461 High: CreateProcess: Argument 3 to this function call should be checked to ensure that it does not come from an untrusted source without first verifying that it contains nothing dangerous.
|
| r3493) | nsprpub/pr/src/md/windows/w16callb.c:244 Medium: SetSecurityDescriptorDacl: If the third argument, pDacl, is NULL there is no protection from attack. As an example, an attacker could set a Deny All to Everyone ACE on such an object.
|
| r3494) | nsprpub/pr/src/md/windows/w16io.c:76 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3495) | nsprpub/pr/src/md/windows/w16io.c:233 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3496) | nsprpub/pr/src/md/windows/w16io.c:148 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3497) | nsprpub/pr/src/md/windows/w16stdio.c:583 Medium: access: A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 334 (opendir), 412 (remove)
|
| r3499) | nsprpub/pr/src/md/windows/w32shm.c:136 Medium: realloc: Don't use on memory intended to be secure, because the old structure will not be zeroed out.
|
| r3500) | nsprpub/pr/src/md/windows/w32shm.c:66 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3501) | nsprpub/pr/src/md/windows/w95cv.c:102 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3502) | nsprpub/pr/src/md/windows/w95io.c:279 High: EnterCriticalSection: This function can throw exceptions in low memory conditions. Use InitialCriticalSectionAndSpinCount instead.
|
| r3503) | nsprpub/pr/src/md/windows/w95io.c:490 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3504) | nsprpub/pr/src/md/windows/w95io.c:644 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3505) | nsprpub/pr/src/md/windows/w95io.c:753 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3506) | nsprpub/pr/src/misc/pratom.c:499 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3507) | nsprpub/pr/src/misc/pratom.c:646 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3509) | nsprpub/pr/src/misc/prcountr.c:344 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3510) | nsprpub/pr/src/misc/prcountr.c:86 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3511) | nsprpub/pr/src/misc/prcountr.c:98 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3512) | nsprpub/pr/src/misc/prcountr.c:99 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3513) | nsprpub/pr/src/misc/prdtoa.c:192 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3514) | nsprpub/pr/src/misc/prdtoa.c:214 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3515) | nsprpub/pr/src/misc/prdtoa.c:215 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3516) | nsprpub/pr/src/misc/prerrortable.c:1962 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3517) | nsprpub/pr/src/misc/prerrortable.c:97 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3518) | nsprpub/pr/src/misc/prerrortable.c:124 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3519) | nsprpub/pr/src/misc/prinit.c:155 High: strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3521) | nsprpub/pr/src/misc/pripc.c:573 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3522) | nsprpub/pr/src/misc/pripcsem.c:116 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3523) | nsprpub/pr/src/misc/prnetdb.c:90 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3524) | nsprpub/pr/src/misc/prnetdb.c:117 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3525) | nsprpub/pr/src/misc/prtime.c:210 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3526) | nsprpub/pr/src/misc/prtime.c:595 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3527) | nsprpub/pr/src/misc/prtime.c:701 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3528) | nsprpub/pr/src/misc/prtime.c:867 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3529) | nsprpub/pr/src/misc/prtrace.c:1767 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3530) | nsprpub/pr/src/misc/prtrace.c:76 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3531) | nsprpub/pr/src/misc/prtrace.c:88 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3532) | nsprpub/pr/src/misc/prtrace.c:89 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3533) | nsprpub/pr/src/pthreads/ptio.c:277 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3534) | nsprpub/pr/src/pthreads/ptio.c:299 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3535) | nsprpub/pr/src/pthreads/ptio.c:300 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3536) | nsprpub/pr/src/pthreads/ptio.c:380 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3537) | nsprpub/pr/src/pthreads/ptio.c:755 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3538) | nsprpub/pr/src/pthreads/ptio.c:772 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3539) | nsprpub/pr/src/pthreads/ptio.c:1267 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3540) | nsprpub/pr/src/pthreads/ptio.c:1811 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3541) | nsprpub/pr/src/pthreads/ptio.c:3542 Medium: access: A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 3524 (unlink)
|
| r3542) | nsprpub/pr/src/pthreads/ptsynch.c:4575 Medium: stat: A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 3632 (mkdir), 3652 (rmdir), 3669 (opendir)
|
| r3543) | nsprpub/pr/src/threads/prdump.c:692 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3544) | nsprpub/pr/src/threads/prdump.c:767 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3545) | nsprpub/pr/src/threads/prdump.c:823 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3546) | nsprpub/pr/src/threads/prdump.c:959 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3547) | nsprpub/pr/src/threads/prrwlock.c:53 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3790) | plugin/oji/MRJ/plugin/Source/BackwardAdapter.cpp:67 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3791) | plugin/oji/MRJ/plugin/Source/BackwardAdapter.cpp:893 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3792) | plugin/oji/MRJ/plugin/Source/BackwardAdapter.cpp:2395 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3793) | plugin/oji/MRJ/plugin/Source/EmbeddedFrame.cpp:2081 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3794) | plugin/oji/MRJ/plugin/Source/EmbeddedFrame.cpp:2085 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3795) | plugin/oji/MRJ/plugin/Source/EmbeddedFrame.cpp:138 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3797) | plugin/oji/MRJ/plugin/Source/JSEvaluator.cpp:139 High: sprintf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3798) | plugin/oji/MRJ/plugin/Source/JSEvaluator.cpp:82 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3799) | plugin/oji/MRJ/plugin/Source/JSEvaluator.cpp:114 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3801) | plugin/oji/MRJ/plugin/Source/MRJConsole.cpp:85 High: strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3802) | plugin/oji/MRJ/plugin/Source/MRJNetworking.cpp:179 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3803) | plugin/oji/MRJ/plugin/Source/MRJNetworking.cpp:65 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3804) | plugin/oji/MRJ/plugin/Source/MRJPlugin.cpp:126 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3805) | plugin/oji/MRJ/plugin/Source/MRJPlugin.cpp:141 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3806) | plugin/oji/MRJ/plugin/Source/MRJPlugin.cpp:379 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3807) | plugin/oji/MRJ/plugin/Source/MRJPlugin.cpp:396 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3808) | plugin/oji/MRJ/plugin/Source/MRJPlugin.cpp:402 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3809) | plugin/oji/MRJ/plugin/Source/MRJPlugin.cpp:699 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3810) | plugin/oji/MRJ/plugin/Source/MRJPlugin.cpp:398 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3811) | plugin/oji/MRJ/plugin/Source/MRJPlugin.cpp:404 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3812) | plugin/oji/MRJ/plugin/Source/MRJSession.cpp:404 High: strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3813) | plugin/oji/MRJ/plugin/Source/nsLiveConnect.cpp:446 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3814) | plugin/oji/MRJ/plugin/Source/nsLiveConnect.cpp:70 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3815) | plugin/oji/MRJ/plugin/Source/nsLiveConnect.cpp:102 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3816) | plugin/oji/MRJ/plugin/Source/nsLiveConnect.cpp:134 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3818) | plugin/oji/MRJ/plugin/Source/StringUtils.cpp:104 High: strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3819) | plugin/oji/MRJ/plugin/Source/StringUtils.cpp:80 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3820) | plugin/oji/MRJCarbon/plugin/Source/EmbeddedFrame.cpp:82 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3821) | plugin/oji/MRJCarbon/plugin/Source/EmbeddedFrame.cpp:138 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3822) | plugin/oji/MRJCarbon/plugin/Source/EmbeddedFrame.cpp:139 High: sprintf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3823) | plugin/oji/MRJCarbon/plugin/Source/JSEvaluator.cpp:139 High: sprintf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3824) | plugin/oji/MRJCarbon/plugin/Source/JSEvaluator.cpp:82 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3825) | plugin/oji/MRJCarbon/plugin/Source/JSEvaluator.cpp:114 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3826) | plugin/oji/MRJCarbon/plugin/Source/JSEvaluator.cpp:84 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3827) | plugin/oji/MRJCarbon/plugin/Source/MRJConsole.cpp:85 High: strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3828) | plugin/oji/MRJCarbon/plugin/Source/MRJPlugin.cpp:185 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3829) | plugin/oji/MRJCarbon/plugin/Source/MRJPlugin.cpp:427 High: strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3830) | plugin/oji/MRJCarbon/plugin/Source/MRJSession.cpp:444 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3831) | plugin/oji/MRJCarbon/plugin/Source/MRJSession.cpp:539 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3832) | plugin/oji/MRJCarbon/plugin/Source/MRJSession.cpp:734 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3833) | plugin/oji/MRJCarbon/plugin/Source/StringUtils.cpp:402 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3834) | plugin/oji/MRJCarbon/plugin/Source/StringUtils.cpp:513 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3835) | plugin/oji/MRJCarbon/plugin/Source/StringUtils.cpp:533 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3836) | plugin/oji/MRJCarbon/plugin/Source/StringUtils.cpp:80 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3837) | profile/pref-migrator/src/nsPrefMigration.cpp:82 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3838) | profile/public/dialshr.h:1879 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3839) | profile/public/dialshr.h:2026 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3840) | profile/public/dialshr.h:2125 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3841) | profile/public/dialshr.h:2148 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3842) | profile/src/nsProfile.cpp:62 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3843) | profile/src/nsProfile.cpp:63 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3844) | profile/src/nsProfile.cpp:64 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3845) | profile/src/nsProfile.cpp:65 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3846) | profile/src/nsProfile.cpp:66 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3847) | profile/src/nsProfile.cpp:67 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3848) | profile/src/nsProfile.cpp:68 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3849) | profile/src/nsProfile.cpp:69 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3850) | profile/src/nsProfile.cpp:72 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3851) | profile/src/nsProfile.cpp:73 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3852) | profile/src/nsProfile.cpp:83 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3853) | profile/src/nsProfile.cpp:84 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3854) | profile/src/nsProfile.cpp:86 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3855) | profile/src/nsProfile.cpp:88 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3856) | profile/src/nsProfile.cpp:89 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3857) | profile/src/nsProfile.cpp:92 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3858) | profile/src/nsProfile.cpp:94 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3859) | profile/src/nsProfile.cpp:95 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3860) | profile/src/nsProfile.cpp:104 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3861) | profile/src/nsProfile.cpp:1992 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3862) | profile/src/nsProfile.cpp:2003 High: PL_strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3863) | profile/src/nsProfile.cpp:2011 High: PL_strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3864) | profile/src/nsProfile.cpp:2014 High: PL_strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3865) | profile/src/nsProfile.cpp:2004 High: PL_strcat: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3866) | profile/src/nsProfileAccess.cpp:1416 Medium: srand: Standard random number generators should not be used to generate randomness used for security reasons. For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.
|
| r3867) | rdf/base/src/nsRDFContainer.cpp:1866 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3868) | rdf/base/src/nsRDFContainer.cpp:1870 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3869) | rdf/base/src/nsRDFContainer.cpp:1891 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3870) | rdf/base/src/nsRDFContainerUtils.cpp:737 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3871) | rdf/base/src/nsRDFContainerUtils.cpp:162 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3872) | rdf/base/src/nsRDFParserUtils.cpp:164 High: PL_strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3873) | rdf/base/src/nsRDFService.cpp:118 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3874) | rdf/base/src/nsRDFService.cpp:108 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3875) | rdf/base/src/nsRDFService.cpp:1055 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3876) | rdf/base/src/nsRDFXMLDataSource.cpp:1063 High: PL_strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3877) | rdf/base/src/rdfutil.cpp:582 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3878) | rdf/chrome/src/nsChromeRegistry.cpp:183 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3879) | rdf/datasource/src/nsFileSystemDataSource.cpp:3283 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3880) | rdf/opendir/genopendir.c:1133 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3881) | rdf/opendir/genopendir.c:1589 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3882) | rdf/opendir/genopendir.c:1682 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3883) | rdf/opendir/genopendir.c:1793 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3884) | rdf/opendir/opendir.c:87 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3885) | rdf/opendir/opendir.c:157 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3886) | rdf/opendir/opendir.c:188 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3887) | rdf/opendir/opendir.c:221 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3888) | rdf/opendir/opendir.c:312 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3889) | rdf/opendir/opendir.c:321 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3890) | rdf/opendir/rdfparse.c:109 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3891) | rdf/opendir/rdfparse.c:377 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3892) | rdf/opendir/remstore.c:388 High: printf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3893) | rdf/opendir/remstore.c:397 High: printf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3894) | rdf/opendir/remstore.c:418 High: printf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3895) | rdf/opendir/remstore.c:420 High: printf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3896) | rdf/opendir/rl.c:72 Medium: realloc: Don't use on memory intended to be secure, because the old structure will not be zeroed out.
|
| r3897) | rdf/opendir/spf2ldiff.c:53 High: PR_vsmprintf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3899) | rdf/opendir/test.c:291 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3900) | rdf/opendir/rdf-int.h:52 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3907) | rdf/util/src/nsRDFResource.cpp:208 High: sscanf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3908) | rdf/util/src/nsRDFResource.cpp:220 High: sscanf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3909) | rdf/util/src/nsRDFResource.cpp:226 High: sscanf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3945) | security/manager/boot/src/nsEntropyCollector.h:154 Medium: lstat: A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 114 (remove), 146 (rename)
|
| r3946) | security/manager/ssl/src/nsCrypto.cpp:64 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3947) | security/manager/ssl/src/nsNSSCertHelper.cpp:1233 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3948) | security/manager/ssl/src/nsNSSCertificate.cpp:159 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3949) | security/manager/ssl/src/nsNSSCertificate.cpp:301 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3950) | security/manager/ssl/src/nsNSSCertificateDB.cpp:614 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3951) | security/manager/ssl/src/nsNSSCertificateDB.cpp:633 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3952) | security/manager/ssl/src/nsNSSCertificateDB.cpp:674 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3953) | security/manager/ssl/src/nsNSSCertificateDB.cpp:816 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3954) | security/manager/ssl/src/nsNSSComponent.cpp:1288 High: PR_smprintf: Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3955) | security/manager/ssl/src/nsNSSIOLayer.cpp:1215 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3956) | security/manager/ssl/src/nsNSSIOLayer.cpp:129 High: PR_vfprintf: Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
|
| r3957) | security/manager/ssl/src/nsNSSIOLayer.cpp:463 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3958) | security/manager/ssl/src/nsPKCS12Blob.cpp:1099 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3959) | security/manager/ssl/src/nsPKCS12Blob.cpp:238 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3960) | security/manager/ssl/src/nsPKCS12Blob.cpp:495 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3961) | security/manager/ssl/src/nsPKCS12Blob.cpp:249 High: strcpy: Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.
|
| r3962) | security/nss/cmd/addbuiltin/addbuiltin.c:502 Medium: read: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|
| r3963) | security/nss/cmd/atob/atob.c:81 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3964) | security/nss/cmd/atob/atob.c:82 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3966) | security/nss/cmd/bltest/blapitest.c:73 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3967) | security/nss/cmd/btoa/btoa.c:273 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3968) | security/nss/cmd/btoa/btoa.c:652 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3969) | security/nss/cmd/btoa/btoa.c:1651 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3970) | security/nss/cmd/btoa/btoa.c:1791 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3972) | security/nss/cmd/certcgi/certcgi.c:73 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3974) | security/nss/cmd/certutil/certutil.c:337 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3975) | security/nss/cmd/certutil/certutil.c:2236 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3976) | security/nss/cmd/certutil/certutil.c:2249 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3977) | security/nss/cmd/certutil/certutil.c:93 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3978) | security/nss/cmd/certutil/certutil.c:189 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3979) | security/nss/cmd/certutil/certutil.c:256 High: fixed size local buffer: Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
|
| r3980) | security/nss/cmd/certutil/certutil.c:104 High: scanf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3981) | security/nss/cmd/certutil/certutil.c:266 High: scanf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3982) | security/nss/cmd/certutil/certutil.c:1796 High: scanf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3983) | security/nss/cmd/certutil/certutil.c:1832 High: scanf: Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow.
|
| r3984) | security/nss/cmd/certutil/keystuff.c:122 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3985) | security/nss/cmd/certutil/keystuff.c:195 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3986) | security/nss/cmd/certutil/keystuff.c:1321 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3987) | security/nss/cmd/certutil/keystuff.c:1336 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3988) | security/nss/cmd/certutil/keystuff.c:1479 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3989) | security/nss/cmd/certutil/keystuff.c:1518 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3990) | security/nss/cmd/certutil/keystuff.c:1547 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3991) | security/nss/cmd/certutil/keystuff.c:1558 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3992) | security/nss/cmd/certutil/keystuff.c:1609 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3993) | security/nss/cmd/certutil/keystuff.c:1614 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3994) | security/nss/cmd/certutil/keystuff.c:1624 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3995) | security/nss/cmd/certutil/keystuff.c:1756 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3996) | security/nss/cmd/certutil/keystuff.c:1811 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3997) | security/nss/cmd/certutil/keystuff.c:1879 High: gets: Gets is unsafe!! No bounds checking is performed, buffer is easily overflowable by user. Use fgets(buf, size, stdin) instead.
|
| r3999) | security/nss/cmd/checkcert/checkcert.c:129 Medium: getc: Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
|