├── .gitattributes ├── .gitignore ├── 2012-02-22 - Opera 12 - foreignObject textNode removeChild ├── Opera.dll!+0x1702B3 ExecAV@Arbitrary (39cbf6a121ca163e8ec1f3cb8387897c).html ├── Opera.dll!+0x1706B8 ReadAV@Arbitrary (59c34b915b36ac548dfc7b708b92a8bb).html ├── Opera.dll!+0x1706B8 ReadAV@NULL (59c34b915b36ac548dfc7b708b92a8bb).html ├── Opera.dll!+0x1706C7 ReadAV@Arbitrary (00410073b4514e671f91431a816b3c70).html ├── Opera.dll!+0x1706C7 ReadAV@Free (00410073b4514e671f91431a816b3c70).html ├── Opera.dll!+0x1706C7 ReadAV@NULL (00410073b4514e671f91431a816b3c70).html ├── Opera.dll!+0x1706C7 ReadAV@Uninitialized (00410073b4514e671f91431a816b3c70).html ├── Opera.dll!+0x1706C9 ReadAV@Arbitrary (f7cbdb2070de6a97705b87118bc6e027).html ├── Opera.dll!+0x1706C9 ReadAV@NULL (f7cbdb2070de6a97705b87118bc6e027).html ├── Opera.dll!+0x496973 WriteAV@Arbitrary (b068d282e6c828318ece2b843573acdb).html ├── Opera.dll!+0x49877B ExecAV@Arbitrary (f383ccc6321c4f2217cb028f17f2a6c3).html ├── Opera.dll!+0x49877B ExecAV@Free (f383ccc6321c4f2217cb028f17f2a6c3).html ├── Opera.dll!+0x49877B ExecAV@NULL (f383ccc6321c4f2217cb028f17f2a6c3).html ├── Opera.dll!+0x49877B ExecAV@Uninitialized (f383ccc6321c4f2217cb028f17f2a6c3).html ├── Opera.dll!+0x498E7C ReadAV@NULL (b0bb865e695287a72c98c8d710b7234e).html ├── Opera.dll!.0x155C8E ReadAV@Arbitrary (8060c8e7fcb0cfaae2112b8e8050986e).html ├── Opera.dll!.0x1706B8 ReadAV@Arbitrary (59c34b915b36ac548dfc7b708b92a8bb).html ├── Opera.dll!.0x1706B8 ReadAV@NULL (59c34b915b36ac548dfc7b708b92a8bb).html ├── Opera.dll!.0x1706B8 ReadAV@Uninitialized (59c34b915b36ac548dfc7b708b92a8bb).html ├── Opera.dll!.0x1706C7 ReadAV@Arbitrary (00410073b4514e671f91431a816b3c70).html ├── Opera.dll!.0x1706C7 ReadAV@Free (00410073b4514e671f91431a816b3c70).html ├── Opera.dll!.0x1706C7 ReadAV@NULL (00410073b4514e671f91431a816b3c70).html ├── Opera.dll!.0x1706C7 ReadAV@Uninitialized (00410073b4514e671f91431a816b3c70).html ├── Opera.dll!.0x1706C9 ReadAV@Arbitrary (f7cbdb2070de6a97705b87118bc6e027).html ├── Opera.dll!.0x1706C9 ReadAV@NULL (f7cbdb2070de6a97705b87118bc6e027).html ├── Opera.dll!.0x170A75 ReadAV@NULL (3564d9ef104a1965bdb0fdb44f611ea0).html ├── Opera.dll!.0x208CE6 WriteAV@NULL (52a6753481837468a7a799ff5b978fc4).html ├── Opera.dll!.0x2780EF ReadAV@NULL (864189389b7bcc634c043e26d21cadf9).html ├── Opera.dll!.0x49877B ExecAV@Arbitrary (f383ccc6321c4f2217cb028f17f2a6c3).html ├── Opera.dll!.0x49877B ExecAV@NULL (f383ccc6321c4f2217cb028f17f2a6c3).html └── repro │ ├── repro.svg │ └── sploit.svg ├── 2013-01-02 MSIE 10 MSHTML HtmlLayout..Node..ContentParent UAF ├── Arbitrary AVR@MSHTML.dll!CTreeNode..EnsureNestedFormats(jOP5).html ├── Arbitrary AVR@MSHTML.dll!HtmlLayout..Node..ContentParent(ZhbW).html ├── Arbitrary AVR@MSHTML.dll!HtmlLayout..TextBlock..ContaingBlockElementOfEndPos(yTMy).html ├── NULL+0x14 AVR@MSHTML.dll!HtmlLayout..Node..ContentParent(ZhbW).html ├── NULL+0x4 AVR@MSHTML.dll!HtmlLayout..Node..ContentParent(ZhbW).html ├── NULL+0x404 AVR@MSHTML.dll!HtmlLayout..Node..ContentParent(ZhbW).html └── NULL+0x43 AVR@MSHTML.dll!HtmlLayout..Node..ContentParent(ZhbW).html ├── 2013-09-27 chrome.dll!base..StringTokenizerT.......QuickGetNext OOB read ├── AssembleRawHeaders.c ├── FindStatusLineEnd.c ├── LocateStartOfStatusLine.c ├── QuickGetNext.c ├── chrome.dll!base..StringTokenizerT.......QuickGetNext Arbitrary AVR(AD11CFDE).html └── repro │ ├── 101.py │ ├── analysis.txt │ ├── index.html │ ├── non-ascii-header-null-ptr.py │ ├── poc.py │ └── proxy.html ├── 2014-03-02 MSIE 11 MSHTML BaseCSSParser..RecordProperty OOBR ├── MSHTML.dll!BaseCSSParser..RecordProperty Arbitrary AVR(47621293).html ├── repro.css └── repro.html ├── 2014-04-01 MSIE 9 MSHTML CAttrArray UAF ├── 2014-11-07 Analysis.txt ├── Arbitrary AVR@MSHTML.dll!+0x3E3EA7(-tv+).html ├── Arbitrary AVR@MSHTML.dll!+0x3E8E00(oHUf).html ├── IE 9.00 x86 MSHTML.dll!ParseListStyleProperty Arbitrary~FC8 AVR(75FC5EAB).html ├── IE 9.00 x86 MSHTML.dll!ParseListStyleProperty Arbitrary~FE8 AVR(75FC5EAB).html ├── MSHTML.dll!CAttrArray..Set Arbitrary AVR(7C7963D9).html ├── MSHTML.dll!ParseListStyleProperty Arbitrary~FA8 AVR(3986463A).html ├── MSHTML.dll!ParseListStyleProperty Arbitrary~FE0 AVR(3986463A).html ├── repro.html └── repro2.html ├── 2014-05-02 MSIE 11 MSHTML CView..CalculateImageImmunity UAF ├── MSHTML.dll!+0x6B9E9D Arbitrary~FC8 AVR(3A17B87F).html ├── MSHTML.dll!CView..CalculateImageImmunity Arbitrary~FB0 AVR(2B4083E3).html ├── MSHTML.dll!UrlImgCtxContainer..LDICheckInView Arbitrary~FC8 AVR(1C06B24A).html ├── [unknown] in user32.DLL!UserCallWinProcCheckWow Arbitrary~FC8 AVR(4B718858).html ├── analysis.txt ├── hasChildNodes.html └── repro.html ├── 2014-05-14 MSIE 9 MSHTML CMarkup..ReloadInCompatView UAF ├── Analysis.txt ├── MSHTML.dll!CMarkup..ReloadInCompatView Arbitrary~E58 AVR(D6B0C524).html ├── heap.html ├── heap.py ├── heap2.html └── repro.html ├── 2014-06-04 MSIE 8 MSTHML Ptls5..FsDestroyTextLayoutSession UAF ├── Analysis.txt ├── IE 8.00 x86 mshtml.dll!Ptls5..FsDestroyTextLayoutSession Arbitrary~D84 AVR(13AD8514).html ├── IE 8.00 x86 mshtml.dll!Ptls5..FsDestroyTextLayoutSession Arbitrary~E04 AVR(13AD8514).html ├── IE 8.00 x86 mshtml.dll!Ptls5..FsDestroyTextLayoutSession Arbitrary~E84 AVR(13AD8514).html ├── IE 8.00 x86 mshtml.dll!Ptls5..FsDestroyTextLayoutSession Arbitrary~F04 AVR(13AD8514).html ├── IE 8.00 x86 mshtml.dll!Ptls5..FsDestroyTextLayoutSession Arbitrary~F84 AVR(13AD8514).html └── repro.html ├── 2014-06-14 MSIE 8 MSHTML SRunPointer..SpanQualifier,RunType OOB read ├── Analysis.txt ├── IE 8.00 x86 mshtml.dll!SRunPointer..RunType Arbitrary~EC0 AVR(20943C18).html ├── IE 8.00 x86 mshtml.dll!SRunPointer..RunType Arbitrary~F30 AVR(20943C18).html ├── IE 8.00 x86 mshtml.dll!SRunPointer..RunType Arbitrary~F40 AVR(20943C18).html ├── IE 8.00 x86 mshtml.dll!SRunPointer..RunType Arbitrary~F70 AVR(20943C18).html ├── IE 8.00 x86 mshtml.dll!SRunPointer..RunType Arbitrary~F80 AVR(20943C18).html ├── IE 8.00 x86 mshtml.dll!SRunPointer..RunType Arbitrary~FB0 AVR(20943C18).html ├── IE 8.00 x86 mshtml.dll!SRunPointer..RunType Arbitrary~FC0 AVR(20943C18).html ├── IE 8.00 x86 mshtml.dll!SRunPointer..RunType Arbitrary~FD0 AVR(20943C18).html └── repro.html ├── 2014-07-02 MSIE10 MSHTML CElement..GetPlainTextInScope OOB read ├── IE 10.00 x86 MSHTML.dll!+0x142074 Arbitrary~000 AVR(5AAE627C).html ├── IE 10.00 x86 MSHTML.dll!+0x1449A8 Arbitrary~000 AVR(621D2CFB).html ├── IE 10.00 x86 MSHTML.dll!+0x1449A8 Arbitrary~000 AVR(89A8AA53).html ├── IE 10.00 x86 MSHTML.dll!CElement..GetPlainTextInScope Arbitrary~000 AVR(02058506).html ├── IE 10.00 x86 MSHTML.dll!CElement..GetPlainTextInScope Arbitrary~000 AVR(4B67A6C4).html ├── IE 10.00 x86 MSHTML.dll!CElement..GetPlainTextInScope Arbitrary~000 AVR(56BB30E2).html └── IE 10.00 x86 ntdll.dll!KiRaiseUserExceptionDispatcher InvalidHandle(BD405B4F).html ├── 2014-07-09 MSIE 9 MSHTML CPtsTextParaclient..CountApes OOB read ├── Analysis-details.txt ├── Analysis.txt ├── IE 9.00 x86 MSHTML.dll!CPtsTextParaclient..CountApes Arbitrary~BBB AVR(3CE28B51).html ├── MSHTML.dll!CPtsTextParaclient..CountApes Arbitrary AVR(3CE28B51).html ├── MSHTML.dll!CPtsTextParaclient..CountApes Arbitrary AVR(C1B4C602).html ├── MSHTML.dll!CPtsTextParaclient..CountApes NULL-0x1 AVR(3CE28B51).html ├── MSHTML.dll!CPtsTextParaclient..CountApes NULL-0x1 AVR(C1B4C602).html ├── repro1-helper.html ├── repro1.html ├── repro2-helper.html └── repro2.html ├── 2015-02-19 MSIE 9 html.iec PxchFindXch OOB read ├── Analysis.txt ├── IE 9.00 x86 html.iec!PxchFindXch Arbitrary AVR(ABA4E22D).html ├── repro.html └── target.xhtml ├── 2015-03-25 1501H - MSIE 8 - F12 Developer Tools tooltips UAF └── Analysis.txt ├── 2015-07-01 1143b - Firefox - xul mozilla..MediaStream use-after-free ├── 2015-07-01 Bugzilla 1179484 │ ├── Analysis.txt │ └── repro.html ├── 2015-09-04 jemalloc 272 │ └── Jemalloc issue 272.url ├── Notes.txt ├── poc.html └── repro.html ├── 2015-08-03 Chrome blink..XMLDocumentParser..startElementNs NULL ptr ├── Analysis.txt ├── Chromium issue 516290.url ├── crashes.txt └── repro │ ├── iframe.svg │ └── repro.html ├── 2015-08-30#1 AVR.NULL 1ff.228 @ iexplore.exe!mshtml.dll!CTsfTextStore..Initialize ├── AVR.NULL+4#N 868.1ff iexplore.exe!mshtml.dll!Tree..ElementNode..GetCElement.html ├── AVR.NULL+4#N 868.1ff iexplore.exe!mshtml.dll!Tree..ElementNode..GetCElement.png ├── AVR;NULL+0x10 iexplore.exe!MSHTML.dll!Tree;;ElementNode;;GetCElement AF0F.html ├── repro.html └── repro2.html ├── 2015-08-30#10 1207w - MSIE 10 AVR.NULL+0xA iexplore.exe!MSHTML.dll!HtmlLayout..Element..LastContentChild D7D8A4 ├── AVR;NULL+0xA iexplore.exe!MSHTML.dll!HtmlLayout;;Element;;LastContentChild D7D8.html └── repro.html ├── 2015-08-30#11 1207x - MSIE 10 AVR.NULL iexplore.exe!MSHTML.dll!CCollectionCache..CompareName 8C1AB7 ├── AVR.NULL iexplore.exe!MSHTML.dll!CCollectionCache..CompareName 8C1AB7.html ├── AVR;NULL iexplore.exe!MSHTML.dll!CCollectionCache;;CompareName C81A.html └── repro.html ├── 2015-08-30#12 1207y - MSIE 10 AVR;NULL+0x29 iexplore.exe!MSHTML.dll!CMarkup;;ReparentDirectChildren FEDB53 ├── AVR;NULL+0x29 iexplore.exe!MSHTML.dll!CMarkup;;ReparentDirectChildren FEDB.html └── repro.html ├── 2015-08-30#13 1207z - MSIE 8 AVR;NULL iexplore.exe!mshtml.dll!CStringTable;;Find B8534E ├── MSIE 8 AVR;NULL iexplore.exe!mshtml.dll!CStringTable;;Find B8534E.html └── repro.html ├── 2015-08-30#14 1173m - MSIE 8 AVR;NULL+0x84 iexplore.exe!mshtml.dll!CMarkup;;EmbedPointers 9BE518 ├── MSIE 8 AVR;NULL+0x84 iexplore.exe!mshtml.dll!CMarkup;;EmbedPointers 9BE518.html └── repro.html ├── 2015-08-30#15 1501N - MSIE 9,10,11 AVR;NULL iexplore.exe!MSHTML.dll!CDoc;;GetComputedStyle 82F0CA ├── 1501N - MSIE 10 - MSHTML CDoc..GetComputedStyle NULL ptr Microsoft Connect.URL ├── AVR;NULL iexplore.exe!MSHTML.dll!CComputedStyle;;CreateComputedStyle 0DF0.html ├── AVR;NULL iexplore.exe!MSHTML.dll!CDoc;;GetComputedStyle 82F0.html └── repro.html ├── 2015-08-30#2 1173o - MSIE 9-11 MSHTML CCanvasCompositor..~CCanvasCompositor NULL AVR ├── AVR;NULL+0x80 iexplore.exe!MSHTML.dll!CDispSurface;;DiscardAllLayers 20BA.html ├── AVR;NULL+0x88 iexplore.exe!MSHTML.dll!CCanvasCompositor;;~CCanvasCompositor BA0C.html ├── AVR;NULL+0x88 iexplore.exe!MSHTML.dll!CCanvasCompositor;;~CCanvasCompositor BA2B.html ├── AVR;NULL+0x9C iexplore.exe!MSHTML.dll!CCanvasCompositor;;~CCanvasCompositor BA0C.html ├── AVR;NULL+0x9C iexplore.exe!MSHTML.dll!CCanvasCompositor;;~CCanvasCompositor BAA5.html ├── repro.html ├── repro1.html └── repro2.html ├── 2015-08-30#3 1207n - MSIE 11 AVR.NULL+0x38 iexplore.exe!MSHTML.dll!CSVGSwitchElement..FindAndSetVisibleChildNode FA7BE5 └── repro.html ├── 2015-08-30#4 1207o - MSIE 8,9,10,11 AVR;NULL iexplore.exe!MSHTML.dll!HDLDESC;;FindPropDescForName 1E4E03 ├── AVR;NULL iexplore.exe!MSHTML.dll!CBase;;FindPropDescForName 4E03.html ├── AVR;NULL iexplore.exe!MSHTML.dll!CPtrBagVTableAggregate;;GetCi 941E.html ├── AVR;NULL iexplore.exe!MSHTML.dll!HDLDESC;;FindPropDescForName BBEC.html └── repro.html ├── 2015-08-30#5 AVR.NULL+4.N f0b.7d7 @ iexplore.exe!mshtml.dll!CGeneratedContent..ValidateCounterValue ├── 1175n - MSIE 11 MSHTML MSHTML!CGeneratedContent..ValidateCounterValue NULL+0x4 AVR Microsoft Connect.URL ├── AVR;NULL+0x8 iexplore.exe!MSHTML.dll!CGeneratedContent;;ValidateCounterValue C7CE.html └── repro.html ├── 2015-08-30#6 AVR.NULL 4df.0e2 @ iexplore.exe!mshtml.dll!CInclusionWalker..NextBranch ├── AVR.NULL 4df.0e2 @ iexplore.exe!mshtml.dll!CInclusionWalker..NextBranch.html ├── Microsoft Edge issue 1599878.URL └── repro.html ├── 2015-08-30#7 1173q - MSIE 11 CSS animation keyframes font NULL ptrs ├── AVR;Arbitrary iexplore.exe!ntdll.dll!LdrpValidateUserCallTarget 0BC8.html └── repro.xhtml ├── 2015-08-30#8 AVR։NULL e4d.73c @ microsoftedgecp.exe!edgehtml.dll!GetParentElement ├── AVR.NULL e4d.b3f @ microsoftedgecp.exe!edgehtml.dll!GetParentElement - frameset.html ├── AVR։NULL e4d.2f3 @ iexplore.exe!mshtml.dll!GetParentElement.html ├── AVR։NULL e4d.2f3 @ iexplore.exe!mshtml.dll!GetParentElement.png ├── AVR։NULL e4d.73c @ microsoftedgecp.exe!edgehtml.dll!GetParentElement - Microsoft Edge Development.URL ├── AVR։NULL e4d.73c @ microsoftedgecp.exe!edgehtml.dll!GetParentElement.html ├── AVR։NULL e4d.73c @ microsoftedgecp.exe!edgehtml.dll!GetParentElement.png ├── Internet Explorer 11 MSHTML GetParentElement NULL ptr Microsoft Connect.URL ├── repro - formatBlock.svg ├── repro - frameset.html ├── repro - frameset.xhtml ├── repro - unlink.html ├── repro2 │ ├── blank.svg │ └── repro.html └── repro3 │ ├── blank.svg │ └── repro.html ├── 2015-08-30#9 1501M - MSIE 11 AVR;NULL+0xC iexplore.exe!MSHTML.dll!COmWindowProxy;;Markup 87E44D ├── 1502C - MSIE 11 - MSHTML COmWindowProxy..Markup NULL ptr Microsoft Connect.URL ├── 87E4 AVR.NULL+X iexplore.exe!MSHTML.dll!COmWindowProxy..Markup.html ├── AVR;NULL+0x10 iexplore.exe!MSHTML.dll!CDoc;;UpdateDesignMode E44D.html ├── repro.html ├── repro │ ├── blank.html │ └── repro.html ├── repro2 │ ├── repro.html │ └── target.html └── repro3 │ └── repro.html ├── 2015-08-31 1502B - MSIE 8 AVR;NULL+0x2A iexplore.exe!mshtml.dll!SRunPointer;;IsRelativeSpanEdge FFBFD1 ├── AVR;NULL+0x2A iexplore.exe!mshtml.dll!SRunPointer;;IsRelativeSpanEdge FFBFD1.html ├── MSIE 8 Unknown function NULL ptr Microsoft Connect.URL ├── repro.html └── repro2.html ├── 2015-09-15 microsoftedgecp.exe!edgehtml.dll!C(Generated)Element։։ComputeFormatsVirtual ├── AVR։NULL+4⁎N e77.3bc │ ├── AVR։NULL+4⁎N e77.3bc @ microsoftedgecp.exe!edgehtml.dll!CssCalcExpressionHelpers։։GetCalcCtxFromNode.html │ ├── AVR։NULL+4⁎N e77.3bc @ microsoftedgecp.exe!edgehtml.dll!CssCalcExpressionHelpers։։GetCalcCtxFromNode.png │ └── repro.html ├── EdgeHTML issue - RecursiveCall dcb.5d7.9cf.25e.51e.fb7.7b4.c8e.f9f.020.URL ├── RecursiveCall 653.64e │ ├── RecursiveCall 653.64e @ microsoftedgecp.exe!edgehtml.dll!CElement։։ComputeFormatsVirtual.html │ ├── RecursiveCall 653.64e @ microsoftedgecp.exe!edgehtml.dll!CElement։։ComputeFormatsVirtual.png │ └── repro.html ├── RecursiveCall 653.b28 │ ├── RecursiveCall 653.b28 @ microsoftedgecp.exe!edgehtml.dll!CElement։։ComputeFormatsVirtual.html │ ├── RecursiveCall 653.b28 @ microsoftedgecp.exe!edgehtml.dll!CElement։։ComputeFormatsVirtual.png │ └── repro.html ├── RecursiveCall 653.be6 │ ├── RecursiveCall 653.be6 @ microsoftedgecp.exe!edgehtml.dll!CElement։։ComputeFormatsVirtual.html │ └── repro.html └── RecursiveCall dcb.801 │ ├── RecursiveCall dcb.801 @ microsoftedgecp.exe!edgehtml.dll!CGeneratedElement։։ComputeFormatsVirt.png │ ├── RecursiveCall dcb.801 @ microsoftedgecp.exe!edgehtml.dll!CGeneratedElement։։ComputeFormatsVirtual.html │ └── repro.html ├── 2015-09-16 1174j - MSIE 8,9,10,11 RecursiveCall iexplore.exe!vbscript.dll!RegExpCompAssignRemLen 84 ├── IE 10.00 x86 vbscript.dll!RegExpComp..AssignRemLen Loop(846A3A21).html ├── RecursiveCall iexplore.exe!vbscript.dll!RegExpComp;;AssignRemLen 84.html └── repro.html ├── 2015-09-17 AVR.NULL+4.N f3e.b45 @ iexplore.exe!mshtml.dll!CTreePos..GetCpAndMarkup ├── AVR։NULL+0x10 009.2c6 @ iexplore.exe!mshtml.dll!Tree։։TextBlock։։SourceNodeOfBeginPos.html ├── AVR։NULL+0x10 009.2c6 @ iexplore.exe!mshtml.dll!Tree։։TextBlock։։SourceNodeOfBeginPos.png ├── AVR։NULL+0x28 f3e.b45 @ iexplore.exe!mshtml.dll!CTreePos։։GetCpAndMarkup.html ├── AVR։NULL+0x28 f3e.b45 @ iexplore.exe!mshtml.dll!CTreePos։։GetCpAndMarkup.png ├── AVR։NULL+0x44 f3e.d42 @ iexplore.exe!mshtml.dll!CTreePos։։GetCpAndMarkup.html ├── AVR։NULL+0x44 f3e.d42 @ iexplore.exe!mshtml.dll!CTreePos։։GetCpAndMarkup.png ├── AVR։NULL+8 009.2c6 @ iexplore.exe!mshtml.dll!Tree։։TextBlock։։SourceNodeOfBeginPos.html ├── AVR։NULL+8 009.2c6 @ iexplore.exe!mshtml.dll!Tree։։TextBlock։։SourceNodeOfBeginPos.png ├── repro 009.2c6.html ├── repro f3e.d42.html └── repro.html ├── 2015-09-18 1215l - MSIE 8 7C89 AVR.NULL+X iexplore.exe!mshtml.dll!SLayoutRun..GetInnerNodeCrossingBlockBoundary ├── 7C89 AVR.NULL+X iexplore.exe!mshtml.dll!SLayoutRun..GetInnerNodeCrossingBlockBoundary.html └── repro.html ├── 2015-09-21 1228t - Chrome 753F Breakpoint chrome.exe!chrome_child.dll!base..saturated_cast ├── 753F Breakpoint chrome.exe!chrome_child.dll!base..saturated_cast......html └── repro.html ├── 2015-09-22 1228v - Chrome 11F6 AVR.NULL+X chrome.exe!chrome_child.dll!blink..ComputedStyle..hasExplicitlyInheritedProperties ├── 11F6 AVR.NULL+X chrome.exe!chrome_child.dll!blink..ComputedStyle..hasExplicitlyInheritedProperties.html └── repro.html ├── 2015-09-23 1223u - Edge AVR.NULL+0x4 microsoftedgecp.exe!chakra.dll!Js..JavascriptError..Is E748 ├── AVR.NULL+0x4 microsoftedgecp.exe!chakra.dll!Js..JavascriptError..Is E748.html └── repro.html ├── 2015-09-24 AVR.NULL 4df.0e2 @ iexplore.exe!mshtml.dll!CInclusionWalker..NextBranch ├── AVR։NULL 4df.0e2 @ iexplore.exe!mshtml.dll!CInclusionWalker։։NextBranch.html └── repro.html ├── 2015-09-25 1226r - MSIE 8 03FC AVR.NULL+X iexplore.exe!mshtml.dll!CTableRowGroupBlock..RowCount ├── 03FC AVR.NULL+X iexplore.exe!mshtml.dll!CTableRowGroupBlock..RowCount.html └── repro.html ├── 2015-09-28 MSIE 11 AVR;NULL+0x10 MSHTML bla bla bla 0FCD ├── 6CCD AVR.NULL+X iexplore.exe!MSHTML.dll!CLSRenderer..RenderLine.html ├── AVR;NULL+0x10 iexplore.exe!MSHTML.dll!`CBackgroundInfo;;Property[...]';;`7';;`dynamic atexit destructor for 'fieldDefaultValue'' 0FCD.html └── repro.html ├── 2015-09-29 1217x - Firefox IntOverflow firefox.exe!xul.dll!nthChildGenericMatches 8775 ├── 1206105 – nth-child integer overflow.URL ├── IntOverflow firefox.exe!xul.dll!nthChildGenericMatches EF75.html └── repro.html ├── 2015-09-30 1223q - Edge AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!CDocument..getElementsByTagNameNSInternal E39B4D ├── AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!CDocument..getElementsByTagNameNSInte.html └── repro.html ├── 2015-10-01 1238r - MSIE 11 D20C AVR.NULL+EVEN iexplore.exe!MSHTML.dll!SDispNodeReadCursor.......SDispNodeReadCursor ├── D20C AVR.NULL+EVEN iexplore.exe!MSHTML.dll!SDispNodeReadCursor.......SDispNodeReadCursor......html └── repro.html ├── 2015-10-02 1223r - Edge AVR.NULL+0x24 microsoftedgecp.exe!EDGEHTML.dll!Tree..TreeWriter..CloneNodeInternal C39F9C ├── AVR.NULL+0x24 microsoftedgecp.exe!EDGEHTML.dll!Tree..TreeWriter..CloneNodeInternal C39F.html └── repro.html ├── 2015-10-05 1238k - Firefox EFD8 AVR.NULL+EVEN firefox.exe!xul.dll!InlineBackgroundData..GetContinuousRect ├── EFD8 AVR.NULL+EVEN firefox.exe!xul.dll!InlineBackgroundData..GetContinuousRect.html └── repro.html ├── 2015-10-06#1 1238q - MSIE 10 49FE AVW.NULL+ODD iexplore.exe!MSHTML.dll!CGeneratedContent..WrapContent ├── 49FE AVW.NULL+ODD iexplore.exe!MSHTML.dll!CGeneratedContent..WrapContent.html └── repro.html ├── 2015-10-06#2 1244r - Chrome AE7E13F067118BAA48AD RecursiveCall chrome.exe!chrome_child.dll!`anonymous namespace'..call_new_handler ├── AE7E13F067118BAA48AD RecursiveCall chrome.exe!chrome_child.dll!`anonymous namespace'..call_new_handler.html ├── Chromoium 539907.url └── repro.html ├── 2015-10-08 1238s - Edge A43E AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!CJScript9Holder..FastVarToDispatch ├── A43E AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!CJScript9Holder..FastVarToDispatch.html ├── Various NULL pointers @ microsoftedgecp.exe!EDGEHTML.dll!CJScript9Holder..FastVarToDispatch.html - Microsoft Edge Developmen.URL └── repro.html ├── 2015-10-09#1 1228u - Edge 9B1F AVR.NULL+X microsoftedgecp.exe!EDGEHTML.dll!CssCalcExpressionHelpers..GetCalcCtxFromNode ├── 9B1F AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!CssCalcExpressionHelpers..GetCalcCtxF.html └── repro.html ├── 2015-10-09#2 1244u - Edge 762C AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!Tree..TreeReader..GetNextPreorderNode ├── 762C AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!Tree..TreeReader..GetNextPreorderNode.html └── repro.html ├── 2015-10-12 1247u - MSIE 10&11 A43C AVR.NULL+EVEN iexplore.exe!MSHTML.dll!Tree..TextBlock..HasChange ├── A43C AVR.NULL+EVEN iexplore.exe!MSHTML.dll!Tree..TextBlock..HasChange.html └── repro.html ├── 2015-10-13#1 AVR.NULL 561.34e @ iexplore.exe!mshtml.dll!HashStringWordCi ├── 3F14 AVR.NULL iexplore.exe!mshtml.dll!HashStringWordCi.html └── repro.html ├── 2015-10-14 1246r - MSIE 10 F3F5 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CCssCalcHolder..CacheCalc ├── F3F5 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CCssCalcHolder..CacheCalc.html └── repro.html ├── 2015-10-15 1246t - MSIE 11 A2CF AVR.NULL iexplore.exe!MSHTML.dll!CTsfTextStore..Initialize (same as 2015-08-30#1 1207l) ├── A2CF AVR.NULL iexplore.exe!MSHTML.dll!CTsfTextStore..Initialize.html ├── ABA2 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!Tree..ElementNode..GetCElement.html └── repro.html ├── 2015-10-16#1 AVR.NULL+4.N cc4.c76 @ iexplore.exe!jscript9.dll!Js..ScriptContext..RethrowRecordedException ├── 67CB AVR.NULL+EVEN iexplore.exe!jscript9.dll!Js..ScriptContext..RethrowRecordedException.html ├── 67F4 AVR.NULL+EVEN iexplore.exe!jscript9.dll!Js..ScriptContext..RethrowRecordedException.html ├── NULL+4N cc4.c76 @ microsoftedgecp.exe!chakra.dll!JsScriptContextRethrowRecordedException - Microsoft Edge Development.URL └── repro.html ├── 2015-10-16#2 1208b - Firefox Canvas 2d content arc method 100% CPU usage ├── OOM firefox.exe!xul.dll!SkPathRef..makeSpace 3B8857.html └── repro.html ├── 2015-10-19 1183k - Chrome AVW;NULL chrome.exe!chrome_child.dll!blink;;`anonymous namespace';;rethrowExceptionInPrivateScript EBE1 ├── AVW;NULL chrome.exe!chrome_child.dll!blink;;`anonymous namespace';;rethrowExceptionInPrivateScript EBE1.html ├── Chromium 528882.url └── repro.html ├── 2015-10-20 1246u - MSIE 11 0CB4 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CDispRoot..FindRootScroller ├── 0CB4 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CDispRoot..FindRootScroller.html └── repro.html ├── 2015-10-21#1 1215j - Chrome Breakpoint chrome.exe!chrome_child.dll!ui;;AXTreeSerializer[...];;SerializeChangedNodes 0D0D ├── Breakpoint chrome.exe!chrome_child.dll!ui;;AXTreeSerializer[...];;SerializeChangedNodes 0D0D.html ├── Chromium 528872.url └── repro.html ├── 2015-10-21#2 1211r - Edge D71E AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CAttrArray..Destroy ├── Analysis.txt ├── CAttrArray..Destroy.cpp ├── D71E AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CAttrArray..Destroy │ ├── D71E AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CAttrArray..Destroy.html │ └── repro.html └── D744 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CAttrArray..Destroy │ ├── D744 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CAttrArray..Destroy.html │ └── repro.html ├── 2015-10-22 1211x - Chrome AVR.NULL+0x8 chrome.exe!chrome_child.dll!WTF..HashTable.......lookup B67A7A ├── B67A AVR.NULL+EVEN chrome.exe!chrome_child.dll!WTF..HashTable[...]..lookup.html ├── Issue 544116 - chromium - B67A AVRNULL+EVEN chrome.exe!chrome_child.dll!WTFHashTable...lookup - An open-source project to he.URL └── repro.html ├── 2015-10-23#1 1225l - MSIE 8 CA13A784631F84BE RecursiveCall iexplore.exe!jscript.dll!ConvertToString ├── CA13A784631F84BE RecursiveCall iexplore.exe!jscript.dll!ConvertToString.html ├── CA13A784631F84BECA13A784631F84BE RecursiveCall iexplore.exe!jscript.dll!ConvertToString.html └── repro.html ├── 2015-10-23#2 1224q - MSIE 10,11 AVR.NULL+0x4 iexplore.exe!dcomp.dll!DirectComposition..CDevice..RemoveDirtyRebuildableObject 52F8 ├── AVR.NULL+0x4 iexplore.exe!dcomp.dll!DirectComposition..CDevice..RemoveDirtyRebuildableObject 52F8.html ├── notes.txt └── repro.html ├── 2015-10-26 1252q - MSIE 8 0F5C AVR.NULL+EVEN iexplore.exe!mshtml.dll!CExposedAttrIterator..NextSpecial ├── 0F5C AVR.NULL+EVEN iexplore.exe!mshtml.dll!CExposedAttrIterator..NextSpecial.html └── repro.html ├── 2015-10-27 1223p - MSIE 10 6359 AVR.NULL iexplore.exe!MSHTML.dll!HtmlLayout..Node..ContentParent ├── 6359 AVR.NULL iexplore.exe!MSHTML.dll!HtmlLayout..Node..ContentParent.html ├── notes.txt └── repro.html ├── 2015-10-28#1 AVR։NULL+4⁎N 9e4.640 @ iexplore.exe!mshtml.dll!Ptls6։։FindNextForceBreakOppInsideNonTextChunk ├── AVR։NULL+4⁎N 9e4.640 @ iexplore.exe!mshtml.dll!Ptls6։։FindNextForceBreakOppInsideNonTextChunk.html ├── Edge Bug.url ├── FEDC AVR.NULL+EVEN iexplore.exe!MSHTML.dll!Ptls6..CLsTruncationPointSubline..Create.html └── repro.xhtml ├── 2015-10-28#2 1224o - MSIE 11 3274 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CHtPvPvBaseT[...]..Insert ├── 3274 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CHtPvPvBaseT[...]..Insert.html ├── E832 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CHtPvPvBaseT.......FindEntry.html ├── repro.xhtml └── repro2.html ├── 2015-10-29 1257r - Chrome 5BEF AVR.NULL+EVEN chrome.exe!chrome_child.dll!blink..Node..isShadowRoot ├── 5BEF AVR.NULL+EVEN chrome.exe!chrome_child.dll!blink..Node..isShadowRoot.html ├── Issue 545852.url └── repro.html ├── 2015-10-30 AVR.NULL+4.N f0b.7d7 @ iexplore.exe!mshtml.dll!CGeneratedContent..ValidateCounterValue ├── 8705 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CGeneratedContent..ValidateCounterValue.html ├── 870F AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CGeneratedContent..ValidateCounterValue.html ├── 8764 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CGeneratedContent..ValidateCounterValue.html ├── 8769 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CGeneratedContent..ValidateCounterValue.html ├── AVR.NULL+4.N f0b.163 @ iexplore.exe!mshtml.dll!CGeneratedContent..ValidateCounterValue.html ├── AVR.NULL+4.N f0b.e04 @ iexplore.exe!mshtml.dll!CGeneratedContent..ValidateCounterValue.html ├── AVR։NULL+0x10 b20.f0b @ iexplore.exe!mshtml.dll!CGeneratedContentExpression։։NextRunBlock.html ├── AVR։NULL+4 f0b.7d7 @ iexplore.exe!mshtml.dll!CGeneratedContent։։ValidateCounterValue.html ├── AVR։NULL+4 f0b.e04 @ iexplore.exe!mshtml.dll!CGeneratedContent։։ValidateCounterValue.html ├── AVR։NULL+8 f0b.7d7 @ iexplore.exe!mshtml.dll!CGeneratedContent։։ValidateCounterValue.html ├── AVR։NULL+8 f0b.e04 @ iexplore.exe!mshtml.dll!CGeneratedContent։։ValidateCounterValue.html ├── repro AVR։NULL+N f0b.7d7.html └── repro AVR։NULL+N f0b.e04.svg ├── 2015-11-02 AVR։NULL 670.d75 @ iexplore.exe!mshtml.dll!CTreePos։։GetBranch ├── AVR։NULL 670.d75 @ iexplore.exe!mshtml.dll!CTreePos։։GetBranch.html └── repro.html ├── 2015-11-03 1256u - MSIE 8 79F4 AVR.NULL+EVEN iexplore.exe!mshtml.dll!CGeneratedContent..IsBeginNode ├── 79F4 AVR.NULL+EVEN iexplore.exe!mshtml.dll!CGeneratedContent..IsBeginNode.html └── repro.html ├── 2015-11-04 1216v - MSIE 9,10 9D RecursiveCall iexplore.exe!MSHTML.dll!CListCommand..ChangeListsChildListsTypes ├── 9D RecursiveCall iexplore.exe!MSHTML.dll!CListCommand..ChangeListsChildListsTypes.html └── repro.html ├── 2015-11-05 1257s - Chrome A9F0 AVR.NULL+EVEN chrome.exe!chrome_child.dll!blink..WebVector.......{ctor} ├── A9F0 AVR.NULL+EVEN chrome.exe!chrome_child.dll!blink..WebVector[...]..{ctor}.html ├── Issue 545855.url └── repro.html ├── 2015-11-06 1259k - MSIE 8 9477CF4F77 RecursiveCall iexplore.exe!mshtml.dll!CBlockContainerBlock..BuildBlockContainer ├── 9477CF4F77 RecursiveCall iexplore.exe!mshtml.dll!CBlockContainerBlock..BuildBlockContainer.html └── repro.html ├── 2015-11-09 1259l - MSIE 8 C6C61D1CAB8CD8E931C0C0D264B3D770 RecursiveCall iexplore.exe!mshtml.dll!Ptls5..FsAdjustPageVertical ├── C6C61D1CAB8CD8E931C0C0D264B3D770 RecursiveCall iexplore.exe!mshtml.dll!Ptls5..FsAdjustPageVertical.html └── repro.html ├── 2015-11-10 1259q - Edge 8605EF RecursiveCall microsoftedgecp.exe!EDGEHTML.dll!CDispContainer..FinalizeChildren ├── 8605EF RecursiveCall microsoftedgecp.exe!EDGEHTML.dll!CDispContainer..FinalizeChildren.html └── repro.html ├── 2015-11-11 1278w - MSIE 8 ECFC AVR.NULL+EVEN iexplore.exe!mshtml.dll!CTableRowBlock..ColumnCount └── repro.html ├── 2015-11-12 1226u - MSIE 9 37B5 AVR.NULL iexplore.exe!MSHTML.dll!CTreePosGap..PartitionPointers ├── 37B5 AVR.NULL iexplore.exe!MSHTML.dll!CTreePosGap..PartitionPointers.html └── repro.svg ├── 2015-11-13#1 1238o - MSIE 9 B683 AVR.NULL iexplore.exe!MSHTML.dll!CSpliceTreeEngine..RemoveSplice ├── B683 AVR.NULL iexplore.exe!MSHTML.dll!CSpliceTreeEngine..RemoveSplice.html └── repro.svg ├── 2015-11-13#2 1244v - Edge B27A AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!Layout..InlineLayout..IsInlineRelative ├── B27A AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!Layout..InlineLayout..IsInlineRelative.html └── repro.html ├── 2015-11-16 1257t - Firefox BD24 AVR.NULL firefox.exe!xul.dll!mozilla..layers..ContentClientDoubleBuffered..FinalizeFrame ├── BD24 AVR.NULL firefox.exe!xul.dll!mozilla..layers..ContentClientDoubleBuffered..FinalizeFram.html ├── Issue 1216909.url └── repro.html ├── 2015-11-17 AVR.NULL+N 43f.355 microsoftedgecp.exe!edgehtml.dll!CColorValue..IsDefined ├── AVR.NULL+N 43f.355 microsoftedgecp.exe!edgehtml.dll!CColorValue..IsDefined.html ├── EdgeHTML issue - AVR.NULL+0x7 microsoftedgecp.exe!EDGEHTML.dll!CColorValue..IsDefined B410.URL └── repro.html ├── 2015-11-18 1223w - Edge AVR.NULL+0x8 iexplore.exe!MSHTML.dll!Tree..ElementNode..GetCEle ├── AB0F AVR.NULL+X iexplore.exe!MSHTML.dll!Tree..ElementNode..GetCElement.html ├── AVR.NULL+0x10 iexplore.exe!MSHTML.dll!Tree..ElementNode..GetCElement ABA2.html ├── AVR.NULL+0x8 iexplore.exe!MSHTML.dll!Tree..ElementNode..GetCElement AB0F.html ├── AVR.NULL+0x8 iexplore.exe!MSHTML.dll!Tree..ElementNode..GetCElement C00F.html └── repro.html ├── 2015-11-18 1226s - MSIE 9 405F AVR.NULL iexplore.exe!MSHTML.dll!CDomRange..surroundContents ├── 405F AVR.NULL iexplore.exe!MSHTML.dll!CDomRange..surroundContents.html └── repro.html ├── 2015-11-19 1173n - MSIE 8 AVR;NULL iexplore.exe!mshtml.dll!CStorage;;setItem 163352 ├── MSIE 8 AVR;NULL iexplore.exe!mshtml.dll!CStorage;;setItem 163352.html └── repro.html ├── 2015-11-20 AVR։NULL+4⁎N 75d.c39 @ microsoftedgecp.exe!edgehtml.dll!CAutoRange։։IsOrphaned ├── AVR։NULL+4⁎N 75d.c39 @ microsoftedgecp.exe!edgehtml.dll!CAutoRange։։IsOrphaned.html ├── AVR։NULL+4⁎N 75d.c39 @ microsoftedgecp.exe!edgehtml.dll!CAutoRange։։IsOrphaned.png └── repro.html ├── 2015-11-23 1280q - Edge C0BF Breakpoint microsoftedgecp.exe!EDGEHTML.dll!ConvertUnitValuesToSameType └── repro.html ├── 2015-11-24 1280q - Edge B260 AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!Layout..ContainerBox..GetParentDisplayNodeForPositionedBox ├── B260 AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!Layout..ContainerBox..GetParentDisplayNodeForPositionedBox.html └── repro.html ├── 2015-11-25 1257m - MSIE 11 4BF5 AVR.NULL iexplore.exe!MSHTML.dll!CGeneratedContent..RemoveGeneratedContentInRangeInternal ├── 4BF5 AVR.NULL iexplore.exe!MSHTML.dll!CGeneratedContent..RemoveGeneratedContentInRangeInternal.html └── repro.html ├── 2015-11-26 1280u - MSIE 10 2327 AVR.NULL iexplore.exe!MSHTML.dll!CTreePos..TestFlag ├── 2327 AVR.NULL iexplore.exe!MSHTML.dll!CTreePos..TestFlag.html └── repro.html ├── 2015-11-26 1BF6 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CMarkup..EnsureTitle ├── 1BF6 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CMarkup..EnsureTitle.html ├── Analysis.txt └── repro.svg ├── 2015-11-26 6CDE AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CTreePosGap..MoveImpl ├── 6CDE AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CTreePosGap..MoveImpl.html ├── Analysis.txt └── repro.html ├── 2015-11-27 1294k - MSIE 8 1D21 AVR.NULL+EVEN iexplore.exe!mshtml.dll!CDisplayBox..NonConstBlock ├── 1D21 AVR.NULL+EVEN iexplore.exe!mshtml.dll!CDisplayBox..NonConstBlock.html └── repro.html ├── 2015-11-30 1294m - MSIE 8 EC17 AVR.NULL+EVEN iexplore.exe!mshtml.dll!CTableRowBlock..ColumnCount ├── EC17 AVR.NULL+EVEN iexplore.exe!mshtml.dll!CTableRowBlock..ColumnCount.html └── repro.html ├── 2015-12-01 1294q - Edge A3CA Assert microsoftedgecp.exe!EDGEHTML.dll!CCounterManager..UpdateCounters ├── A3CA Assert microsoftedgecp.exe!EDGEHTML.dll!CCounterManager..UpdateCounters.html └── repro.html ├── 2015-12-01 66F6 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CCollectionCache..GetDisp ├── 66F6 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CCollectionCache..GetDisp.html ├── Analysis.txt └── repro.xhtml ├── 2015-12-02 1280s - Edge C65A AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!CJScript9Holder..CBaseToVar ├── C65A AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!CJScript9Holder..CBaseToVar.html └── repro.xhtml ├── 2015-12-03 1294l - MSIE 8,9 33BB AVR.NULL iexplore.exe!mshtml.dll!CLayout..GetClientRect ├── 33BB AVR.NULL iexplore.exe!mshtml.dll!CLayout..GetClientRect.html └── repro.html ├── 2015-12-04 1295o - MSIE 11 - 3036 IntegerOverflow iexplore.exe!DWrite.dll!SafeIntExceptionHandler.......SafeIntOnOverflow ├── 3036 IntegerOverflow iexplore.exe!DWrite.dll!SafeIntExceptionHandler.......SafeIntOnOverflow.html ├── repro.html └── repro2.html ├── 2015-12-07 1595m - MSIE 10 0C0D AVE.NULL iexplore.exe!MSHTML.dll!TransitionUpdateMsTransformValues ├── 0C0D AVE.NULL iexplore.exe!MSHTML.dll!TransitionUpdateMsTransformValues.html └── repro.html ├── 2015-12-08 1302q - MSIE 8 - E6E6 AVR.NULL+ODD iexplore.exe!mshtml.dll!CView..HitTestPoint ├── E6E6 AVR.NULL+ODD iexplore.exe!mshtml.dll!CView..HitTestPoint.html └── repro.html ├── 2015-12-09 1302s - Edge - A469 AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!CJScript9Holder..FastVarToDispatch ├── A469 AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!CJScript9Holder..FastVarToDispatch.html └── repro.html ├── 2015-12-10 1302t - Edge - 8A2F AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!CPDFHelper..SetReplacedSize ├── 8A2F AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!CPDFHelper..SetReplacedSize.html └── repro.html ├── 2015-12-11#1 AVR։NULL+0x10 2c6.581 @ microsoftedgecp.exe!edgehtml.dll!Layout։։LayoutBox։։GetRangeRectsForChildBox ├── AVR։NULL+0x10 2c6.581 @ microsoftedgecp.exe!edgehtml.dll!Layout։։LayoutBox։։GetRangeRectsForChildBox.html ├── AVR։NULL+0x10 2c6.581 @ microsoftedgecp.exe!edgehtml.dll!Layout։։LayoutBox։։GetRangeRectsForChildBox.png └── repro.html ├── 2015-12-11#2 1302v - Edge - D473 AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!Tree..STextPosition..CalculateCP ├── AVR։NULL+4⁎N b45.d42 @ microsoftedgecp.exe!edgehtml.dll!Tree։։STextPosition։։CalculateCP.html └── repro.html ├── 2015-12-11#2 AVR.NULL b45.796 @ microsoftedgecp.exe!edgehtml.dll!Tree..STextPosition..CalculateCP ├── AVR.NULL b45.796 microsoftedgecp.exe!edgehtml.dll!Tree..STextPosition..CalculateCP.html ├── AVR.NULL b45.796 microsoftedgecp.exe!edgehtml.dll!Tree..STextPosition..CalculateCP.png ├── EdgeHTML issue - NULL b45.796 @ microsoftedgecp.exe!edgehtml.dll!TreeSTextPositionCalculateCP.URL ├── repro.html └── repro2.html ├── 2016-01-08 EF0F AVR.Free iexplore.exe!MSHTML.dll!CDataset..RemoveItem ├── Analysis.txt ├── EF0F AVR.Free iexplore.exe!MSHTML.dll!CDataset..RemoveItem.html └── repro.html ├── 2016-02-11 1217r - MSIE 11 - AVR.Arbitrary iexplore.exe!jscript9.dll!HostDispatch..CallInvoke FC65 ├── Analysis.txt └── repro.html ├── 2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID ├── 1.html ├── 2.html ├── 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID.html ├── A07F AVR.NULL-ODD iexplore.exe!MSHTML.dll!Method_VARIANTBOOLp_BSTR_o0oVARIANT.html ├── Analysis.txt ├── CBase..(Context)InvokeEx.cpp ├── MSHTML!Method_VARIANTBOOLp_BSTR_o0oVARIANT.cpp ├── MSIE 8 │ ├── 05B8 AVE.Arbitrary iexplore.exe!__dyn_tls_init_callback [...] (iexplore+0x20030).html │ ├── 4A52 AVR.Arbitrary iexplore.exe!mshtml.dll!ReleaseInterface.html │ ├── 4A52 AVR.OOB+EVEN iexplore.exe!mshtml.dll!ReleaseInterface.html │ ├── Analysis.txt │ └── repro.html ├── MSIE10 │ └── 7F5B AVR.Arbitrary iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html ├── MSIE11 │ ├── 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID.html │ └── A07F AVR.NULL-ODD iexplore.exe!MSHTML.dll!Method_VARIANTBOOLp_BSTR_o0oVARIANT.html ├── MSIE9 │ ├── 0A69 AVR.OOB iexplore.exe!d2d1.dll!DrawingContext..FlushBatch.html │ ├── 0C69 AVW.OOB+EVEN iexplore.exe!ntdll.dll!RtlInitializeCriticalSectionEx.html │ ├── 0CEB AVW.OOB+EVEN iexplore.exe!ntdll.dll!RtlInitializeCriticalSectionEx.html │ ├── 1A69 AVR.NULL iexplore.exe!msls31.dll!LsGetHihLsimethods.html │ ├── 2F6C AVR.NULL+EVEN iexplore.exe!ole32.dll!CopyToMQI.html │ ├── 34E3 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CDXFont..Initialize.html │ ├── 3569 AVR.OOB+EVEN iexplore.exe!ntdll.dll!LdrpProcessStaticImports.html │ ├── 4968 AVW.NULL+EVEN iexplore.exe!verifier.dll!AVrfpDphExitHeapPath.html │ ├── 4A10 AVW.OOB iexplore.exe!MSHTML.dll!CFancyFormat..CFancyFormat.html │ ├── 5FA2 Breakpoint iexplore.exe!kernel32.dll!UnhandledExceptionFilter.html │ ├── 5FD2 Breakpoint iexplore.exe!kernel32.dll!UnhandledExceptionFilter.html │ ├── 7F69 AVE.NULL iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html │ ├── 7F69 AVR.Arbitrary iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html │ ├── 7F69 AVR.OOB+EVEN iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html │ ├── 7F69 AVR.OOB+ODD iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html │ ├── 8A69 AVR.OOB+EVEN iexplore.exe!ole32.dll!ComInvokeWithLockAndIPID.html │ ├── 9869 AVR.OOB+EVEN iexplore.exe!MSHTML.dll!CMarkup..SetInteractiveInternal.html │ ├── 9AC4 AVW.NULL+EVEN iexplore.exe!ntdll.dll!RtlLeaveCriticalSection.html │ ├── BC69 AVE.Arbitrary iexplore.exe!__dyn_tls_init_callback ..... (iexplore+0x80030).html │ ├── C569 AVW.OOB+EVEN iexplore.exe!d3d11.dll!NDXGI..CDevice..CDevice.html │ ├── C788 AVR.OOB+EVEN iexplore.exe!MSHTML.dll!EnsureDefaultAnonymousFormat.html │ ├── E2C5 AVR.NULL-ODD iexplore.exe!d2d1.dll!FPUStateSSE.......~FPUStateSSE......html │ ├── F669 AVR.NULL+EVEN iexplore.exe!verifier.dll!AVrfDebugPageHeapAllocate.html │ ├── FA83 AVR.NULL+EVEN iexplore.exe!IEFRAME.dll!CTabEventProxy..Cleanup.html │ ├── __0E38 AVE.Arbitrary iexplore.exe!MSHTML.dll!CFunctionPointer..Invoke.html │ ├── __7F69 AVE.Arbitrary iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html │ ├── __7F69 AVE.Free iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html │ ├── __7F69 AVE.NULL+ODD iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html │ ├── __7F69 AVE.OOB iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html │ ├── __7F69 AVE.OOB+EVEN iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html │ └── __7F69 AVE.OOB+ODD iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html ├── repro (new Array).html ├── repro.html ├── repro.svg └── target.html ├── 2016-02-26 MSIE 9 USER32 SmartStretchDIBits OOB read ├── 24EE AVR.OOB+ODD iexplore.exe!USER32.dll!SmartStretchDIBits.html ├── Analysis.txt ├── pGenerateICO.cmd ├── pGenerateICO.py ├── repro.html ├── repro.ico └── test.ico ├── 2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s ├── 09EE AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!CTreePos..GetMarkup.html ├── 3D86 AVR.Arbitrary microsoftedgecp.exe!EDGEHTML.dll!CTreePos..RotateUp.html ├── 9057 AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!Tree..TextBlock..IsTreePosAssocaitedWithTextBlock.html ├── Analysis.txt ├── B00B AV..OOB microsoftedgecp.exe!msvcrt.dll!memcpy_s.html ├── B00B AVR.Arbitrary microsoftedgecp.exe!msvcrt.dll!memcpy_s.html ├── B00B AVR.Free microsoftedgecp.exe!msvcrt.dll!memcpy_s.html ├── B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s.html ├── F141 AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!Dom..TreeReader..GetNextPreorderNode.html ├── exploit.html └── repro.html ├── 2016-03-15 1247v - Edge - FAB7 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!Tree..ANode..IsInTree ├── 001A Breakpoint MicrosoftEdgeCP.exe!EDGEHTML.dll!Abandonment..CheckHRESULT.html ├── 0088 Breakpoint MicrosoftEdgeCP.exe!EDGEHTML.dll!Abandonment..CheckHRESULT.html ├── 00C6 Breakpoint microsoftedgecp.exe!EDGEHTML.dll!Abandonment..CheckHRESULT.html ├── 09C1 Breakpoint microsoftedgecp.exe!EDGEHTML.dll!Abandonment..CheckHRESULTStrict.html ├── 53CB OOM MicrosoftEdgeCP.exe!EDGEHTML.dll!CStr.._Alloc.html ├── Analysis.md ├── EDGEHTML!CEventMgr.._InvokeListeners.cpp ├── FAB7 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!Tree..ANode..IsInTree.html ├── original repro │ ├── repro.html │ └── target.xhtml ├── repro.html └── target.xhtml ├── 2016-03-17 1295u - Edge - 17DE AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CTreePosGap..PartitionPointers ├── 17DE AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CTreePosGap..PartitionPointers.html ├── Analysis.txt ├── mini.html └── repro.html ├── 2016-04-05 - Edge - AVR.NULL+4.N e77.3bc @ microsoftedgecp.exe!edgehtml.dll!CssCalcExpressionHelpers..GetCalcCtxFromNode ├── AVR.NULL+4.N e77.3bc @ microsoftedgecp.exe!edgehtml.dll!CssCalcExpressionHelpers..GetCalcCtxFromNode.html └── repro.html ├── 2016-04-12 - Edge - AVR.NULL+4.N 92f.464 @ microsoftedgecp.exe!chakra.dll!Js..JavascriptError..Is ├── AVR.NULL+4#N 92f.464 microsoftedgecp.exe!chakra.dll!Js..JavascriptError..Is.html └── repro.html ├── 2016-04-13 - Edge - Assert 0c3.485 @ microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..MoveNodeLegacy ├── Assert 0c3.485 microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..MoveNodeLegacy.html ├── EdgeHTML issue - Assert 0c3.485 @ microsoftedgecp.exe!edgehtml.dll!TreeTreeWriterMoveNodeLegacy.URL └── repro.html ├── 2016-04-13 AVR.NULL 7f2.7dd @ microsoftedgecp.exe!edgehtml.dll!Tree..TreeReader..GetParentWithFilter ├── AVR.NULL 7f2.7dd @ microsoftedgecp.exe!edgehtml.dll!Tree..TreeReader..GetParentWithFilter.html ├── EdgeHTML issue - NULL+4N ad3.653 @ microsoftedgecp.exe!edgehtml.dll!CFormatInfoFindFormattingParent.URL └── repro AVR.NULL 7f2.7dd.xhtml ├── 2016-04-13 AVR.NULL+4.N ad3.653 @ microsoftedgecp.exe!edgehtml.dll!CFormatInfo..FindFormattingParent ├── AVR.NULL+4#N ad3.653 microsoftedgecp.exe!edgehtml.dll!CFormatInfo..FindFormattingParent.html ├── EdgeHTML issue - NULL+4N ad3.653 @ microsoftedgecp.exe!edgehtml.dll!CFormatInfoFindFormattingParent.URL └── repro AVR.NULL+4#N ad3.653.xhtml ├── 2016-04-14#1 - Edge - AVR.NULL+4.N 1e9.328 @ microsoftedgecp.exe!edgehtml.dll!ParentNodeHelper ├── AVR.NULL+4#N 1e9.328 microsoftedgecp.exe!edgehtml.dll!ParentNodeHelper.html ├── EdgeHTML issue - NULL+4N ad3.653 @ microsoftedgecp.exe!edgehtml.dll!CFormatInfoFindFormattingParent.URL └── repro AVR.NULL+4#N 1e9.328.xhtml ├── 2016-04-14#2 - MSIE 9 - DF79 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!HtmlLayout..FlowBoxBuilder..CompleteBoxSizing ├── DF79 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!HtmlLayout..FlowBoxBuilder..CompleteBoxSizing.html └── repro.xhtml ├── 2016-04-14#3 - MSIE 10 - 47E2 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CTreeNode..ComputeFormats ├── 47E2 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CTreeNode..ComputeFormats.html └── repro.html ├── 2016-04-15#1 - Edge - RecursiveCall dcb.5d7.9cf.25e.51e.fb7.7b4.c8e.f9f.020 @ microsoftedgecp.exe!edgehtml.dll!CGeneratedElement..ComputeForma ├── EdgeHTML issue - RecursiveCall dcb.5d7.9cf.25e.51e.fb7.7b4.c8e.f9f.020.URL ├── RecursiveCall dcb.5d7.9cf.25e.51e.fb7.7b4.c8e.f9f.020 microsoftedgecp.exe!e.html └── repro.html ├── 2016-04-15#2 - Firefox - Iterator 100% CPU Usage ├── 1124835 – Iterator Freezes Firefox completely.URL └── repro.html ├── 2016-04-18 - Edge - Assert cac.075 microsoftedgecp.exe!edgehtml.dll!Tree..SvgDeepCloneBuilder..EnsureDeepCloneForUse ├── Assert cac.075 microsoftedgecp.exe!edgehtml.dll!Tree..SvgDeepCloneBuilder..EnsureDeepCloneForUse.html ├── EdgeHTML issue.url └── repro.html ├── 2016-04-19 - AVR.NULL+4.N 9c5.305 microsoftedgecp.exe!edgehtml.dll!Tree..TreeReader..GetNextPreorderNode ├── AVR.NULL+4#N 9c5.305 microsoftedgecp.exe!edgehtml.dll!Tree..TreeReader..GetNextPreorderNode.html ├── EdgeHTML issue - NULL+4N 9c5.305 @ microsoftedgecp.exe!edgehtml.dll!TreeTreeReaderGetNextPreorderNode.URL ├── repro.html ├── repro.svg └── repro3.html ├── 2016-04-20 - Edge - AVR.NULL+4.N 077.fd8 microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..CloneNodeInternal ├── AVR.NULL+4#N 077.fd8 microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..CloneNodeInternal.html ├── AVR.NULL+4#N 077.fd8 microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..CloneNodeInternal.png ├── EdgeHTML issue - NULL+4N 077.fd8 @ microsoftedgecp.exe!edgehtml.dll!TreeTreeWriterCloneNodeInternal.URL └── repro.html ├── 2016-04-21#1 AVR.NULL bd8.55c iexplore.exe!mshtml.dll!CTreeNode..EnsureNoDependentLayoutFixup ├── AVR.NULL bd8.55c iexplore.exe!mshtml.dll!CTreeNode..EnsureNoDependentLayoutFixup.html ├── AVR.NULL bd8.55c iexplore.exe!mshtml.dll!CTreeNode..EnsureNoDependentLayoutFixup.png ├── AVW.NULL+4#N 97b.404 iexplore.exe!mshtml.dll!Tree..TableBlockBuilder..BuildRowGroup.html ├── AVW.NULL+4#N 97b.404 iexplore.exe!mshtml.dll!Tree..TableBlockBuilder..BuildRowGroup.png ├── EdgeHTML issue - NULL bd8.55c @ iexplore.exe!mshtml.dll!CTreeNodeEnsureNoDependentLayoutFixup.URL ├── repro AVR.NULL bd8.55c.html └── repro AVW.NULL+4#N 97b.404 .html ├── 2016-04-21#2 Assert b42.46d microsoftedgecp.exe!edgehtml.dll!CGeneratedContentInfo..AddFixupNodeAsDependentFromDescendantOwner ├── Assert b42.46d microsoftedgecp.exe!edgehtml.dll!CGeneratedContentInfo..AddFixupNodeAsDependentFromDescendantOwner.html ├── Assert b42.46d microsoftedgecp.exe!edgehtml.dll!CGeneratedContentInfo..AddFixupNodeAsDependentFromDescendantOwner.png ├── Edge issue 7290988.URL └── repro Assert b42.46d.html ├── 2016-04-22 - AVR.NULL b02.0f5 microsoftedgecp.exe!edgehtml.dll!CDocument..getElementsByTagNameNSInternal ├── AVR.NULL b02.0f5 microsoftedgecp.exe!edgehtml.dll!CDocument..getElementsByTagNameNSInternal.html ├── AVR.NULL b02.0f5 microsoftedgecp.exe!edgehtml.dll!CDocument..getElementsByTagNameNSInternal.jpg ├── EdgeHTML issue - NULL b02.0f5 @ microsoftedgecp.exe!edgehtml.dll!CDocumentgetElementsByTagNameNSInternal.URL └── repro.html ├── 2016-04-25 - AVR.NULL 8fe.8f2 @ iexplore.exe!mshtml.dll!CThreadDialogProcParam..CThreadDialog ├── A.xhtml ├── AVR.NULL 8fe.8f2 iexplore.exe!mshtml.dll!CThreadDialogProcParam..CThreadDialogProcParam.html ├── AVR.NULL 8fe.8f2 iexplore.exe!mshtml.dll!CThreadDialogProcParam..CThreadDialogProcParam.png └── repro.html ├── 2016-04-26 Assert 95d.1d3 @ microsoftedgecp.exe!edgehtml.dll!CCounterManager..UpdateCounter ├── Assert 95d.1d3 microsoftedgecp.exe!edgehtml.dll!CCounterManager..UpdateCounters.html ├── Assert 95d.1d3 microsoftedgecp.exe!edgehtml.dll!CCounterManager..UpdateCounters.png ├── EdgeHTML issue - Assert 95d.1d3 microsoftedgecp.exe!edgehtml.dll!CCounterManagerUpdateCounters.URL └── repro.html ├── 2016-04-28 AVR.NULL c09.270 @ firefox.exe!xul.dll!nsEditor..DeleteSelectionAndPrepareToCreateNode ├── AVR.NULL c09.1cb firefox.exe!xul.dll!nsEditor..DeleteSelectionAndPrepareToCreateNode.html ├── AVR.NULL c09.1cb firefox.exe!xul.dll!nsEditor..DeleteSelectionAndPrepareToCreateNode.png ├── Bug 1268482.URL └── repro.html ├── 2016-04-29 AVR.NULL aae @ firefox.exe!xul.dll!mozilla..layers..BasicLayerManager..PopGroupForLayer ├── 1268699 – AVRNULL aae @ firefox.exe!xul.dll!mozillalayersBasicLayerManagerPopGroupForLayer.URL ├── AVR.NULL aae @ firefox.exe!xul.dll!mozilla..layers..BasicLayerManager..PopGroupForLayer.html └── repro.html ├── 2016-05-02 AVR.NULL+4.N 670.b00 @ microsoftedgecp.exe!edgehtml.dll!CTreePos..GetBranch ├── AVR։NULL+4⁎N 670.b00 @ microsoftedgecp.exe!edgehtml.dll!CTreePos։։GetBranch.html ├── AVR։NULL+4⁎N 670.b00 @ microsoftedgecp.exe!edgehtml.dll!CTreePos։։GetBranch.png ├── EdgeHTML issue - NULL+4N 670.b00 @ microsoftedgecp.exe!edgehtml.dll!CTreePosGetBranch.URL └── repro.xhtml ├── 2016-05-03 AVR.NULL 1d5.5c3 @ microsoftedgecp.exe!edgehtml.dll!CSelectionManager..InitEditContext ├── AVR.NULL 1d5.5c3 microsoftedgecp.exe!edgehtml.dll!CSelectionManager..InitEditContext.html ├── AVR.NULL 1d5.5c3 microsoftedgecp.exe!edgehtml.dll!CSelectionManager..InitEditContext.png ├── EdgeHTML issue - NULL 1d5.5c3 @ microsoftedgecp.exe!edgehtml.dll!CSelectionManagerInitEditContext.URL └── repro.svg ├── 2016-05-04#1 Assert afc.68f @ microsoftedgecp.exe!edgehtml.dll!CAngleValue..FormatBuffer ├── Assert afc.68f microsoftedgecp.exe!edgehtml.dll!CAngleValue..FormatBuffer.html ├── Assert afc.68f microsoftedgecp.exe!edgehtml.dll!CAngleValue..FormatBuffer.png ├── EdgeHTML issue - Assert afc.68f @ microsoftedgecp.exe!edgehtml.dll!CAngleValueFormatBuffer.URL └── repro.html ├── 2016-05-04#2 AVR.NULL 652.661 @ firefox.exe!xul.dll!nsContentIterator..NextNode ├── 1264932 – AVR.NULL 652.661 @ firefox.exe!xul.dll!nsContentIterator..NextNode.URL ├── AVR.NULL 652.661 firefox.exe!xul.dll!nsContentIterator..NextNode.html ├── AVR.NULL 652.661 firefox.exe!xul.dll!nsContentIterator..NextNode.png └── repro.html ├── 2016-05-05 CPU usage progress style=border-top-width=21474836 ├── 1269351 – High CPU usage makes browser unresponsive with progress style=border-top-width21474836.URL └── repro.html ├── 2016-05-06 AVR.NULL+4.N bc8.8e7 @ microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..SpliceOut ├── AVR.NULL+4#N bc8.8e7 microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..SpliceOut.png ├── AVR.NULL+4.N bc8.8e7 microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..SpliceOut.html ├── EdgeHTML issue - NULL+4N bc8.8e7 @ microsoftedgecp.exe!edgehtml.dll!TreeTreeWriterSpliceOut.URL └── repro.html ├── 2016-05-09 AVR.Arbitrary b89.c4b @ iexplore.exe!mshtml.dll!CAnimatablePropertyListElement..GetCurrentValues ├── AVR.Arbitrary b89.c4b @ iexplore.exe!mshtml.dll!CAnimatablePropertyListElement..GetCurrentValues.html ├── AVR.Arbitrary c4b.72f microsoftedgecp.exe!edgehtml.dll!CreateKeyframeFromBlock.html ├── EdgeHTML issue - CSS Animations NULL pointers.URL └── repro.html ├── 2016-05-09 Assert 90d.90d ├── Assert 90d.90d @ microsoftedgecp.exe!edgehtml.dll!`TextInput..TextInputLogging..Instance'..`2'..`dynamic atexit destructor for 'wrapper''.html ├── Assert 90d.90d @ microsoftedgecp.exe!edgehtml.dll!`TextInput..TextInputLogging..Instance'..`2'..`dynamic atexit destructor for 'wrapper''.png ├── EdgeHTML issue - Assert 90d.90d @ microsoftedgecp.exe!edgehtml.dll!`TextInputTextInputLoggingInstance'`2'`dynamic atexit des.URL └── repro.html ├── 2016-05-10 AVR.NULL+4.N e2d.0f3 @ microsoftedgecp.exe!edgehtml.dll!CBaseScriptable..PrivateQueryInterface ├── AVR.NULL+4#N e2d.0f3 microsoftedgecp.exe!edgehtml.dll!CBaseScriptable..PrivateQueryInte.png ├── EdgeHTML issue - NULL+4N e2d.0f3 @ microsoftedgecp.exe!edgehtml.dll!CBaseScriptablePrivateQueryInterface.URL ├── repro.html └── repro2.html ├── 2016-05-11 Edge nested dir element with CSS columns excessive CPU usage ├── EdgeHTML issue - Nested dir elements with CSS columns excessive CPU usage.URL └── repro.html ├── 2016-05-12 Assert efc.a0b microsoftedgecp.exe!edgehtml.dll!CJScript9Holder..GetPrototype ├── Assert efc.a0b microsoftedgecp.exe!edgehtml.dll!CJScript9Holder..GetPrototype.html ├── Assert efc.a0b microsoftedgecp.exe!edgehtml.dll!CJScript9Holder..GetPrototype.png ├── EdgeHTML issue - Assert efc.a0b @ microsoftedgecp.exe!edgehtml.dll!CJScript9HolderGetPrototype.URL └── repro.html ├── 2016-05-13 AVR.NULL f54.7f7 @ firefox.exe!xul.dll!nsHTMLEditRules..GetNodesForOperation ├── 1267757 – AVRNULL f54.7f7 @ firefox.exe!xul.dll!nsHTMLEditRulesGetNodesForOperation.URL ├── AVR.NULL f54.7f7 firefox.exe!xul.dll!nsHTMLEditRules..GetNodesForOperation.html ├── AVR.NULL f54.7f7 firefox.exe!xul.dll!nsHTMLEditRules..GetNodesForOperation.png └── repro.html ├── 2016-05-16 AVR.NULL+4#N fe6.a29 microsoftedgecp.exe!edgehtml.dll!Tree..ANode..GetFirstNodeLocation ├── AVR.NULL+4#N fe6.a29 microsoftedgecp.exe!edgehtml.dll!Tree..ANode..GetFirstNodeLocation.png ├── AVR.NULL+4.N fe6.a29 microsoftedgecp.exe!edgehtml.dll!Tree..ANode..GetFirstNodeLocation.html ├── EdgeHTML issue - NULL+4N fe6.a29 microsoftedgecp.exe!edgehtml.dll!TreeANodeGetFirstNodeLocation.URL └── repro.html ├── 2016-05-17#1 CPUUsage b38.085 firefox.exe!xul.dll!nsCSSBorderRenderer..DrawBorderSidesCompositeColors ├── CPUUsage b38.085 firefox.exe!xul.dll!nsCSSBorderRenderer..DrawBorderSidesCompositeColors.html ├── CPUUsage b38.085 firefox.exe!xul.dll!nsCSSBorderRenderer..DrawBorderSidesCompositeColors.png ├── Mozilla bug.url └── repro.html ├── 2016-05-17#2 AVR.NULL 1d5.5c3 microsoftedgecp.exe!edgehtml.dll!CSelectionManager..InitEditContext ├── AVR.NULL 1d5.5c3 microsoftedgecp.exe!edgehtml.dll!CSelectionManager..InitEditContext.html ├── AVR.NULL 1d5.5c3 microsoftedgecp.exe!edgehtml.dll!CSelectionManager..InitEditContext.png ├── EdgeHTML issue - AVR.NULL 1d5.5c3 microsoftedgecp.exe!edgehtml.dll!CSelectionManager..Init.URL ├── repro.html └── x.svg ├── 2016-05-18#1 AVR.NULL 527.202 @ iexplore.exe!mshtml.dll!CCaret..SetHeightAndReflow ├── AVR.NULL 527.202 iexplore.exe!mshtml.dll!CCaret..SetHeightAndReflow.html ├── AVR.NULL 527.202 iexplore.exe!mshtml.dll!CCaret..SetHeightAndReflow.png └── repro.svg ├── 2016-05-18#2 CPUUsage 290.742 microsoftedgecp.exe!edgehtml.dll!CDotFitter..FillShapesAlongPath ├── CPUUsage 283.303 iexplore.exe!mshtml.dll!CDispSurface..DrawComplexBorder.html ├── CPUUsage 283.303 iexplore.exe!mshtml.dll!CDispSurface..DrawComplexBorder.png ├── CPUUsage 290.742 microsoftedgecp.exe!edgehtml.dll!CDotFitter..FillShapesAlongPath.html ├── CPUUsage 290.742 microsoftedgecp.exe!edgehtml.dll!CDotFitter..FillShapesAlongPath.png ├── EdgeHTML issue - CPUUsage 290.742 microsoftedgecp.exe!edgehtml.dll!CDotFitter..FillShapesAlongPath.URL └── repro.html ├── 2016-05-19#1 Assert #.0c6 microsoftedgecp.exe!edgehtml.dll!BASICPROPPARAMS..GetColor ├── Assert #.0c6 microsoftedgecp.exe!edgehtml.dll!BASICPROPPARAMS..GetColor.png ├── Assert ..0c6 microsoftedgecp.exe!edgehtml.dll!BASICPROPPARAMS..GetColor.html ├── EdgeHTML issue - Assert #.0c6 microsoftedgecp.exe!edgehtml.dll!BASICPROPPARAMS..GetColor.URL └── repro.html ├── 2016-05-19#2 AVR.NULL+4.N 5e3.eca @ firefox.exe!xul.dll!mozilla..dom..SVGSVGElement..GetIntrinsicHeight ├── AVR.NULL+4#N 5e3.eca firefox.exe!xul.dll!mozilla..dom..SVGSVGElement..GetIntrinsicHeight.html ├── AVR.NULL+4#N 5e3.eca firefox.exe!xul.dll!mozilla..dom..SVGSVGElement..GetIntrinsicHeight.png ├── Bug 1267272.URL ├── image.svg └── repro.svg ├── 2016-05-19#3 AVR.NULL 43c.6ea iexplore.exe!mshtml.dll!CBlockPointer..MoveToParent ├── AVR.NULL 43c.6ea iexplore.exe!mshtml.dll!CBlockPointer..MoveToParent.html ├── AVR.NULL 43c.6ea iexplore.exe!mshtml.dll!CBlockPointer..MoveToParent.png └── repro.xhtml ├── 2016-05-19#4 AVR.NULL+4.N edc.f54 @ firefox.exe!xul.dll!nsEditor..IsTextNode ├── 1254975 – NULL pointer crash in nsEditorIsTextNode.URL ├── AVR.NULL+4#N edc.f54 firefox.exe!xul.dll!nsEditor..IsTextNode.html ├── AVR.NULL+4#N edc.f54 firefox.exe!xul.dll!nsEditor..IsTextNode.png ├── repro.html └── repro.xhtml ├── 2016-05-20#1 Assert #.19c microsoftedgecp.exe!edgehtml.dll!Tree..SvgDeepCloneBuilder..CopySubTreeForUse ├── Assert #.19c microsoftedgecp.exe!edgehtml.dll!Tree..SvgDeepCloneBuilder..CopySubTreeForUse.png ├── Assert ..19c microsoftedgecp.exe!edgehtml.dll!Tree..SvgDeepCloneBuilder..CopySubTreeForUse.html ├── Assert 19c.923 @ microsoftedgecp.exe!edgehtml.dll!Tree։։SvgDeepCloneBuilder։։CopySubTreeForUse.html ├── EdgeHTML issue - Assert #.19c microsoftedgecp.exe!edgehtml.dll!Tree..SvgDeepCloneBuilder..CopySubTreeForUse.URL └── repro.svg ├── 2016-05-20#2 RecursiveCall cf5.c76.ef5.ef5.7f7.2eb.255.2d6.2eb firefox.exe!xul.dll!PrepareEditorEvent..Run ├── Firefox bug.url ├── RecursiveCall cf5.c76.ef5.ef5.7f7.2eb.255.da2.2eb firefox.exe!xul.dll!PrepareEditorEvent..Run.html ├── RecursiveCall cf5.c76.ef5.ef5.7f7.2eb.255.da2.2eb firefox.exe!xul.dll!PrepareEditorEvent..Run.png └── repro.html ├── 2016-05-20#3 AVR.NULL 696.61b iexplore.exe!mshtml.dll!CJScript9Holder..FastVarToDispatch ├── AVR.NULL 696.61b iexplore.exe!mshtml.dll!CJScript9Holder..FastVarToDispatch.html ├── AVR.NULL 696.61b iexplore.exe!mshtml.dll!CJScript9Holder..FastVarToDispatch.png ├── AVR.NULL+4.N a0b.be9 @ iexplore.exe!mshtml.dll!CJScript9Holder..CBaseToVar.html ├── AVR։NULL 61b.54e @ iexplore.exe!mshtml.dll!CJScript9Holder։։VarToVARIANT.html ├── Various NULL pointers @ microsoftedgecp.exe!EDGEHTML.dll!CJScript9Holder..FastVarToDispatch.html - Microsoft Edge Developmen.URL └── repro.xhtml ├── 2016-05-24 Assert #.56c microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag ├── Assert #.56c microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag.png ├── Assert ..56c microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag.html ├── EdgeHTML issue - Assert #.56c microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag.URL └── repro.html ├── 2016-05-24 Assert #.773 microsoftedgecp.exe!edgehtml.dll!CssInitialValue..GetAttrValue ├── Assert #.773 microsoftedgecp.exe!edgehtml.dll!CssInitialValue..GetAttrValue.html ├── Assert #.773 microsoftedgecp.exe!edgehtml.dll!CssInitialValue..GetAttrValue.png ├── EdgeHTML issue - Assert .773 microsoftedgecp.exe!edgehtml.dll!CssInitialValue..GetAttrValue.URL └── repro.html ├── 2016-05-25 AVR.NULL+4#N 109.983 microsoftedgecp.exe!edgehtml.dll!CComputeFormatState..GetComputingFirstLine ├── AVR.NULL+4#N 109.983 microsoftedgecp.exe!edgehtml.dll!CComputeFormatState..GetComputingFirstLine.html ├── AVR.NULL+4#N 109.983 microsoftedgecp.exe!edgehtml.dll!CComputeFormatState..GetComputingFirstLine.png ├── EdgeHTML issue - AVR.NULL+4N 109.983 microsoftedgecp.exe!edgehtml.dll!CComputeFormatState..GetComputingFirstLine.URL └── repro.html ├── 2016-05-26 CPUUsage 91b.a85 microsoftedgecp.exe!emodel.dll!CTabWindow.._TabWindowThreadProc ├── CPUUsage 91b.a85 microsoftedgecp.exe!emodel.dll!CTabWindow.._TabWindowThreadProc.html ├── CPUUsage 91b.a85 microsoftedgecp.exe!emodel.dll!CTabWindow.._TabWindowThreadProc.png ├── EdgeHTML issue - CPUUsage 91b.a85 microsoftedgecp.exe!emodel.dll!CTabWindow_TabWindowThreadProc.URL ├── FailFast b72.fca iexplore.exe!mshtml.dll!CView..EnsureView.html ├── FailFast b72.fca iexplore.exe!mshtml.dll!CView..EnsureView.png └── repro.svg ├── 2016-06-13 AVR.NULL+4.N 0b9.86a @ microsoftedgecp.exe!edgehtml.dll!COpenElements..Push ├── AVR.Free 0b9.86a microsoftedgecp.exe!edgehtml.dll!COpenElements..Push.html ├── AVR.Free 0b9.86a microsoftedgecp.exe!edgehtml.dll!COpenElements..Push.png ├── AVR.NULL+4#N 0b9.86a microsoftedgecp.exe!edgehtml.dll!COpenElements..Push.html ├── AVR.NULL+4#N 0b9.86a microsoftedgecp.exe!edgehtml.dll!COpenElements..Push.png ├── Free 0b9.86a @ microsoftedgecp.exe!edgehtml.dll!COpenElementsPush - Microsoft Edge Development.URL ├── notes.txt └── repro.html ├── 2016-06-14 AVR.NULL+4.N c33.013 @ microsoftedgecp.exe!edgehtml.dll!CTreePos..TestFlag ├── AVR.NULL+4N c33.013 @ microsoftedgecp.exe!edgehtml.dll!CTreePosTestFlag - Microsoft Edge Development.URL ├── repro.html ├── x64 - AVR.NULL+4#N 013.2aa microsoftedgecp.exe!edgehtml.dll!Tree..TextNode..IsGeneratedReplacement.html ├── x64 - AVR.NULL+4#N 013.2aa microsoftedgecp.exe!edgehtml.dll!Tree..TextNode..IsGeneratedReplacement.png └── x86 - AVR.NULL+4.N c33.013 @ microsoftedgecp.exe!edgehtml.dll!CTreePos..TestFlag.html ├── 2016-06-16 MSIE 11 - AVR.NULL+4.N ff9.da4 @ iexplore.exe!mshtml.dll!CSVGSwitchElement..FindAndSetVisibleChildNode ├── AVR.NULL+4.N ff9.da4 @ iexplore.exe!mshtml.dll!CSVGSwitchElement..FindAndSetVisibleChildNode.html ├── AVR.NULL+4.N ff9.da4 @ iexplore.exe!mshtml.dll!CSVGSwitchElement..FindAndSetVisibleChildNode.png └── repro.svg ├── 2016-06-17#1 Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag ├── Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag - Microsoft Edge Development.URL ├── Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag.html ├── Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag.png └── repro.html ├── 2016-06-17#2 1350n - MSIE 11 CFBB AVR.Arbitrary iexplore.exe!jscript9.dll!JavascriptThreadService..EnumerateTrackingClient ├── Analysis.txt ├── B0CF AVR.Arbitrary iexplore.exe!ntdll.dll!LdrpValidateUserCallTargetBitMapCheck.html ├── CFBB AVR.Arbitrary iexplore.exe!jscript9.dll!JavascriptThreadService..EnumerateTrackingClient.html ├── CFBB AVR.OOB+ODD iexplore.exe!jscript9.dll!JavascriptThreadService..EnumerateTrackingClient.html ├── SkyLined - CVE-2016-0199 MS16-063 MSIE 11 garbage collector attribute type confusion.URL ├── __CFBB AVE.Arbitrary iexplore.exe!jscript9.dll!JavascriptThreadService..EnumerateTrackingClient.html ├── repro_32.html ├── repro_64.html └── scanner.html ├── 2016-06-21 Magic value mitigations ├── 1177r - verifier.dll AVrfDebugPageHeapAllocate incorrect memory initialization │ ├── 2015-08-27 Chromium 525288 │ │ ├── AVR;Arbitrary chrome.exe!verifier.dll!AVrfpDphFindBusyMemoryNoCheck 27DAF4.html │ │ ├── AVR;Uninitialized+0x24 chrome.exe!msvcrt.dll!_freefls 0A3263.html │ │ ├── Analysis.txt │ │ ├── Chromium Issue 525288.URL │ │ ├── poc.html │ │ └── repro.html │ ├── AVR;Arbitrary chrome.exe!verifier.dll!AVrfpDphFindBusyMemoryNoCheck 27DAF4.html │ ├── AVR;Uninitialized+0x24 chrome.exe!msvcrt.dll!_freefls 0A3263.html │ ├── Analysis.txt │ ├── Analysis2.txt │ ├── Chrome 45.0 x86 (unknown function) Uninitialized AVR(05CFD378).html │ ├── Chrome 45.0 x86 msvcrt.dll!_freefls Uninitialized AVR(2E3B8089).html │ └── Chrome 45.0 x86 verifier.dll!AVrfpDphFindBusyMemoryNoCheck Uninitialized AVR(D38508F1).html ├── SkyLined - Magic values in 32-bit processes and 64-bit OS-es.URL ├── poc.html └── repro.html ├── 2016-06-22#1 AVR.NULL+4.N 3eb.d47 @ iexplore.exe!mshtml.dll!CDispNode..NodeReader ├── AVR.NULL+4.N 3eb.d47 @ iexplore.exe!mshtml.dll!CDispNode..NodeReader.html ├── AVR.NULL+4.N 3eb.d47 @ iexplore.exe!mshtml.dll!CDispNode..NodeReader.png └── repro.html ├── 2016-06-22#2 1312A - Chrome on x64 - createImageData arbitrary read&write ├── Analysis.txt ├── CVE-2014-1736.URL ├── Chromium 359802.URL ├── Repro │ ├── Memory.js │ ├── readPlusWriteEqualsExecute.js │ ├── repro.html │ └── sploit.html └── chrome_child.dll!v8..internal..ExternalPixelArray..SetValue Arbitrary AVW(87BB9C9D).html ├── 2016-06-23 AVR.NULL+4.N a05.7ab @ microsoftedgecp.exe!edgehtml.dll!CMarkup..GetStylesheetMarkupContext ├── AVR.NULL+4.N a05.7ab @ microsoftedgecp.exe!edgehtml.dll!CMarkup..GetStylesheetMarkupContext.html ├── AVR.NULL+4.N a05.7ab @ microsoftedgecp.exe!edgehtml.dll!CMarkup..GetStylesheetMarkupContext.png ├── NULL+4N a05.7ab @ microsoftedgecp.exe!edgehtml.dll!CMarkupGetStylesheetMarkupContext - Microsoft Edge Development.URL └── repro.html ├── 2016-06-24 AVR.NULL+4#N fdc.7e7 microsoftedgecp.exe!edgehtml.dll!Tree..NodeLocation..AttachToNode ├── AVR.NULL+4#N fdc.7e7 microsoftedgecp.exe!edgehtml.dll!Tree..NodeLocation..AttachToNode.html ├── AVR.NULL+4#N fdc.7e7 microsoftedgecp.exe!edgehtml.dll!Tree..NodeLocation..AttachToNode.png ├── NULL ptr in microsoftedgecp.exe!edgehtml.dll!TreeNodeLocationAttachToNode - Microsoft Edge Development.URL └── repro.html ├── 2016-07-04 AVR.NULL+4.N a93.16f @ iexplore.exe!mshtml.dll!CTransitionPropertyDefinition..ParsePropertyToken ├── AVR.NULL+4.N a93.16f @ iexplore.exe!mshtml.dll!CTransitionPropertyDefinition..ParsePropertyToken.html ├── AVR.NULL+4.N a93.16f @ iexplore.exe!mshtml.dll!CTransitionPropertyDefinition..ParsePropertyToken.png ├── AVR։NULL+0x1C a93.058 @ iexplore.exe!mshtml.dll!CTransitionPropertyDefinition։։ParsePropertyToken.html ├── AVR։NULL+0x1C a93.16f @ iexplore.exe!mshtml.dll!CTransitionPropertyDefinition։։ParsePropertyToken.html ├── AVR։NULL+0x30 a93.058 @ iexplore.exe!mshtml.dll!CTransitionPropertyDefinition։։ParsePropertyToken.html ├── repro AVR։NULL+N a93.058.xhtml └── repro AVR։NULL+N a93.16f.svg ├── 2016-07-05 FailFast dbd.285 iexplore.exe!mshtml.dll!CTitleElement..Notify ├── 2.html ├── FailFast dbd.285 iexplore.exe!mshtml.dll!CTitleElement..Notify.html ├── FailFast dbd.285 iexplore.exe!mshtml.dll!CTitleElement..Notify.png └── repro.html ├── 2016-07-06#1 RecursiveCall 4b8.bc1 @ iexplore.exe!mshtml.dll!CDispContainer..FinalizeChildren ├── RecursiveCall 4b8.bc1 @ iexplore.exe!mshtml.dll!CDispContainer..FinalizeChildren.html ├── RecursiveCall 4b8.bc1 @ iexplore.exe!mshtml.dll!CDispContainer..FinalizeChildren.png ├── aka RecursiveCall 575.b1b @ iexplore.exe!mshtml.dll!CDispContainer..DrawChildren.html └── repro.html ├── 2016-07-06#2 Assert efc.2c0 @ microsoftedgecp.exe!edgehtml.dll!CJScript9Holder..GetPrototype ├── Assert efc.2c0 microsoftedgecp.exe!edgehtml.dll!CJScript9Holder..GetPrototype.html ├── Assert efc.2c0 microsoftedgecp.exe!edgehtml.dll!CJScript9Holder..GetPrototype.png └── repro.html ├── 2016-07-07#1 AVR.NULL+2.N 41b.16f @ microsoftedgecp.exe!edgehtml.dll!Tree..ANode..IsInTree ├── AVR.NULL+2#N 41b.16f microsoftedgecp.exe!edgehtml.dll!Tree..ANode..IsInTree.html ├── AVR.NULL+2#N 41b.16f microsoftedgecp.exe!edgehtml.dll!Tree..ANode..IsInTree.png ├── IsInTree NULL pointer - Microsoft Edge Development.URL └── repro.html ├── 2016-07-07#2 AVR.NULL 484.a53 @ microsoftedgecp.exe!edgehtml.dll!CTreePosGap..PartitionPointers ├── AVR.NULL 484.a53 microsoftedgecp.exe!edgehtml.dll!CTreePosGap..PartitionPointers.html ├── AVR.NULL 484.a53 microsoftedgecp.exe!edgehtml.dll!CTreePosGap..PartitionPointers.png ├── EdgeHTML issue - NULL 484.a53 @ microsoftedgecp.exe!edgehtml.dll!CTreePosGapPartitionPointers.URL └── repro.html ├── 2016-07-08 AVR։NULL+4⁎N ddf.47b @ iexplore.exe!mshtml.dll!CHtPvPvBaseT〈...〉։։FindEntry ├── AVR։NULL+4⁎N ddf.47b @ iexplore.exe!mshtml.dll!CHtPvPvBaseT〈...〉։։FindEntry.html ├── AVR։NULL+4⁎N ddf.47b @ iexplore.exe!mshtml.dll!CHtPvPvBaseT〈...〉։։FindEntry.png └── repro.xhtml ├── 2016-07-11 FailFast b72.fca @ iexplore.exe!mshtml.dll!CView։։EnsureView ├── FailFast b72.fca @ iexplore.exe!mshtml.dll!CView։։EnsureView.html ├── FailFast b72.fca @ iexplore.exe!mshtml.dll!CView։։EnsureView.png └── repro.svg ├── 2016-07-12#1 AVR.NULL+4#N cc0.fda microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..InsertSingleElement ├── AVR.NULL+4#N cc0.fda microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..InsertSingleElement.html ├── AVR.NULL+4#N cc0.fda microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..InsertSingleElement.png ├── EdgeHTML issue - NULL+4N cc0.fda @ microsoftedgecp.exe!edgehtml.dll!TreeTreeWriterInsertSingleElement.URL └── repro.html ├── 2016-07-12#2 AVR.NULL d6a.a07 microsoftedgecp.exe!edgehtml.dll!EdUtil..GetCommonAncestorElement ├── AVR.NULL d6a.a07 microsoftedgecp.exe!edgehtml.dll!EdUtil..GetCommonAncestorElement.html ├── AVR.NULL d6a.a07 microsoftedgecp.exe!edgehtml.dll!EdUtil..GetCommonAncestorElement.png ├── EdgeHTML issue - NULL d6a.a07 @ microsoftedgecp.exe!edgehtml.dll!EdUtilGetCommonAncestorElement.URL └── repro.html ├── 2016-07-12#3 AVR.NULL 273.c63 @ iexplore.exe!mshtml.dll!Tree..ElementNode..GetNearestCElement ├── AVR։NULL 273.c63 @ iexplore.exe!mshtml.dll!Tree։։ElementNode։։GetNearestCElement.html ├── AVR։NULL 273.c63 @ iexplore.exe!mshtml.dll!Tree։։ElementNode։։GetNearestCElement.png └── repro.xhtml ├── 2016-07-12#4 Edge CPUUsage & MSIE 11 NULL ptr with removeFormat ├── AVR։NULL e4d.2f3 @ iexplore.exe!mshtml.dll!GetParentElement.html ├── AVR։NULL e4d.2f3 @ iexplore.exe!mshtml.dll!GetParentElement.png ├── CPUUsage 91b.a85 @ microsoftedgecp.exe!emodel.dll!CTabWindow։։_TabWindowThreadProc.html └── repro - removeFormat.svg ├── 2016-07-13#1 Assert a56.92c @ microsoftedgecp.exe!edgehtml.dll!CElement..EnterMarkup ├── Assert a56.92c @ microsoftedgecp.exe!edgehtml.dll!CElement։։EnterMarkup - Microsoft Edge Development.URL ├── Assert a56.92c @ microsoftedgecp.exe!edgehtml.dll!CElement։։EnterMarkup.html ├── Assert a56.92c @ microsoftedgecp.exe!edgehtml.dll!CElement։։EnterMarkup.png └── repro.html ├── 2016-07-13#2 AVR.NULL+4.N b00.bf9 @ microsoftedgecp.exe!edgehtml.dll!Tree..ANode..Parent ├── AVR.NULL+4#N b00.bf9 microsoftedgecp.exe!edgehtml.dll!Tree..ANode..Parent.html ├── AVR.NULL+4#N b00.bf9 microsoftedgecp.exe!edgehtml.dll!Tree..ANode..Parent.png ├── NULL pointer in microsoftedgecp.exe!edgehtml.dll!TreeANodeParent - Microsoft Edge Development.URL └── repro.html ├── 2016-07-14 AVR։NULL+4⁎N 013.2aa @ microsoftedgecp.exe!edgehtml.dll!Tree։։TextNode։։IsGeneratedReplacement ├── AVR։NULL+4⁎N 013.2aa @ microsoftedgecp.exe!edgehtml.dll!Tree։։TextNode։։IsGeneratedReplacement.html ├── AVR։NULL+4⁎N 013.2aa @ microsoftedgecp.exe!edgehtml.dll!Tree։։TextNode։։IsGeneratedReplacement.png ├── NULL pointer in microsoftedgecp.exe!edgehtml.dll!Tree։։TextNode։։IsGeneratedReplacement - Microsoft Edge Development.URL └── repro.html ├── 2016-07-25 AVR։NULL+4⁎N 733.4f3 @ microsoftedgecp.exe!edgehtml.dll!CDispNode։։GetDispClient ├── AVR։NULL+4⁎N 733.4f3 @ microsoftedgecp.exe!edgehtml.dll!CDispNode։։GetDispClient - Microsoft Edge Development.URL ├── AVR։NULL+4⁎N 733.4f3 @ microsoftedgecp.exe!edgehtml.dll!CDispNode։։GetDispClient.html ├── AVR։NULL+4⁎N 733.4f3 @ microsoftedgecp.exe!edgehtml.dll!CDispNode։։GetDispClient.png └── repro.html ├── 2016-07-26 AVR։NULL+4⁎N b00.e6c @ microsoftedgecp.exe!edgehtml.dll!Tree։։ANode։։Parent ├── AVR։NULL+4⁎N b00.e6c @ microsoftedgecp.exe!edgehtml.dll!Tree։։ANode։։Parent.html ├── AVR։NULL+4⁎N b00.e6c @ microsoftedgecp.exe!edgehtml.dll!Tree։։ANode։։Parent.png ├── Another NULL pointer in microsoftedgecp.exe!edgehtml.dll!Tree։։ANode։։Parent - Microsoft Edge Development.URL └── repro.html ├── 2016-07-27 AVR։NULL+4⁎N e7b.8e3 @ microsoftedgecp.exe!edgehtml.dll!CImplAry։։AppendIndirect〈...〉 ├── Microsoft Edge issue 8297088.URL ├── repro.html ├── x64 AVR։NULL e7b.8e3 @ microsoftedgecp.exe!edgehtml.dll!CImplAry։։AppendIndirect〈...〉.html ├── x64 AVR։NULL e7b.8e3 @ microsoftedgecp.exe!edgehtml.dll!CImplAry։։AppendIndirect〈...〉.png ├── x86 AVR։NULL+4 e1b.8e3 @ microsoftedgecp.exe!edgehtml.dll!CImplAry։։AppendIndirect〈...〉.html └── x86 AVR։NULL+4 e1b.8e3 @ microsoftedgecp.exe!edgehtml.dll!CImplAry։։AppendIndirect〈...〉.png ├── 2016-07-28 CPUUsage 163.0b9 @ iexplore.exe!mshtml.dll!SBidiAnalysis։։CheckIfBidiAnalysisIsNeeded ├── CPUUsage 163.0b9 @ iexplore.exe!mshtml.dll!SBidiAnalysis։։CheckIfBidiAnalysisIsNeeded.html ├── CPUUsage 163.0b9 @ iexplore.exe!mshtml.dll!SBidiAnalysis։։CheckIfBidiAnalysisIsNeeded.png └── repro.xhtml ├── 2016-07-29 RecursiveCall 984.c3f @ microsoftedgecp.exe!edgehtml.dll!BuildTransition ├── Microsoft Edge issue 8327054.URL ├── RecursiveCall 984.4e8 @ microsoftedgecp.exe!edgehtml.dll!BuildTransition.html ├── RecursiveCall 984.4e8 @ microsoftedgecp.exe!edgehtml.dll!BuildTransition.png ├── RecursiveCall 984.c3f @ microsoftedgecp.exe!edgehtml.dll!BuildTransition.html ├── RecursiveCall 984.c3f @ microsoftedgecp.exe!edgehtml.dll!BuildTransition.png └── repro.svg ├── 2016-08-01 CPUUsage 5f5.c02 @ iexplore.exe!d2d1.dll!CDasher։։Flush ├── CPUUsage 176.c8f @ iexplore.exe!user32.dll!_fnDWORD.html ├── CPUUsage 4cf.0b1 @ iexplore.exe!d2d1.dll!CShape։։Reset.html ├── CPUUsage 5f5.c02 @ iexplore.exe!d2d1.dll!CDasher։։Flush.html ├── CPUUsage 5f5.c02 @ iexplore.exe!d2d1.dll!CDasher։։Flush.png ├── CPUUsage 90d.303 @ iexplore.exe!mshtml.dll!`TextInput։։TextInputLogging։։Instance'։։`2'։։`dynamic atexit destructor for 'wrapper''.html ├── CPUUsage c8c.cdf @ iexplore.exe!d2d1.dll!CHwSurfaceRenderTarget։։ProcessBatch.html └── repro.svg ├── 2016-08-02 AVR։NULL+4 7dd.12d @ microsoftedgecp.exe!edgehtml.dll!Tree։։TreeWriter։։RemoveGeneratedContentInSubtree ├── AVR։NULL+4 7dd.12d @ microsoftedgecp.exe!edgehtml.dll!Tree։։TreeWriter։։RemoveGeneratedContentInSubtree - Microsoft Edge Dev.URL ├── AVR։NULL+4 7dd.12d @ microsoftedgecp.exe!edgehtml.dll!Tree։։TreeWriter։։RemoveGeneratedContentInSubtree.html ├── AVR։NULL+4 7dd.12d @ microsoftedgecp.exe!edgehtml.dll!Tree։։TreeWriter։։RemoveGeneratedContentInSubtree.png └── repro.xhtml ├── 2016-08-03 CPUUsage cc5.3b0 @ iexplore.exe!mshtml.dll!Layout։։FlowBoxBuilder։։BuildBoxItem ├── CPUUsage 90d.3b0 @ iexplore.exe!mshtml.dll!`TextInput։։TextInputLogging։։Instance'։։`2'։։`dynamic atexit destructor for 'wrapper''.html ├── CPUUsage cc5.3b0 @ iexplore.exe!mshtml.dll!Layout։։FlowBoxBuilder։։BuildBoxItem.html ├── CPUUsage cc5.3b0 @ iexplore.exe!mshtml.dll!Layout։։FlowBoxBuilder։։BuildBoxItem.png └── repro.xhtml ├── 2016-08-09 AVR։OOB[0x21A]+6 922.cc0 @ FoxitReader_Lib_Full.exe!msvcr100.dll!wcsstr ├── AVR։OOB[0x21A]+6 922.cc0 @ FoxitReader_Lib_Full.exe!msvcr100.dll!wcsstr.html └── AVR։OOB[0x21A]+6 922.cc0 @ FoxitReader_Lib_Full.exe!msvcr100.dll!wcsstr.png ├── 2016-08-10 AVR։NULL+0x10 edc.f54 @ firefox.exe!xul.dll!nsEditor։։IsTextNode ├── 1254975 – NULL pointer crash in nsEditorIsTextNode.URL ├── AVR։NULL+0x10 edc.f54 @ firefox.exe!xul.dll!nsEditor։։IsTextNode.html ├── AVR։NULL+0x10 edc.f54 @ firefox.exe!xul.dll!nsEditor։։IsTextNode.png └── repro.html ├── 2016-08-11 AOO Writer AVR։NULL+0x5C f15.f2b @ soffice.exe!tl.dll!String։։Equals ├── AVR։NULL+0x5C f15.f2b @ soffice.exe!tl.dll!String։։Equals.html ├── AVR։NULL+0x5C f15.f2b @ soffice.exe!tl.dll!String։։Equals.png └── repro.rtf ├── 2016-08-12 AOO Writer AVR։NULL+0x4E f32.921 @ soffice.exe!tl.dll!SvStream։։Write ├── AVR։NULL+0x4E f32.921 @ soffice.exe!tl.dll!SvStream։։Write.html ├── AVR։NULL+0x4E f32.921 @ soffice.exe!tl.dll!SvStream։։Write.png └── repro.rtf ├── 2016-08-15 AOO Writer AVR։NULL+0x38 3f0.x @ soffice.exe!msword.dll+0xCE0F ├── AVR։NULL+0x38 3f0.3ff @ soffice.exe!msword.dll+0xCE0F.html ├── AVR։NULL+0x38 3f0.3ff @ soffice.exe!msword.dll+0xCE0F.png ├── AVR։NULL+0x38 3f0.601 @ soffice.exe!msword.dll+0xCE0F.html ├── AVR։NULL+0x38 3f0.601 @ soffice.exe!msword.dll+0xCE0F.png ├── repro 3f0.3ff.rtf └── repro 3f0.601.rtf ├── 2016-08-16 AVR.OOB+4.N 900.c14 @ microsoftedgecp.exe!ieapfltr.dll!Canon..UnescapeChar ├── Analysis.md ├── OOBR[0x18] 900.c14 @ microsoftedgecp.exe!ieapfltr.dll!Canon։։UnescapeChar〈...〉.html ├── OOBR[0x18] 900.c14 @ microsoftedgecp.exe!ieapfltr.dll!Canon։։UnescapeChar〈...〉.png ├── OOBR[4.N] 900.c14 @ microsoftedgecp.exe!ieapfltr.dll!Canon..UnescapeChar......html └── repro.html ├── 2016-08-17 AOO Writer AVW։NULL+0x69 8f0.3ff @ soffice.exe!msword.dll+0xA709 ├── AVW։NULL+0x69 8f0.3ff @ soffice.exe!msword.dll+0xA709.html ├── AVW։NULL+0x69 8f0.3ff @ soffice.exe!msword.dll+0xA709.png └── repro.rtf ├── 2016-08-31 AVR։NULL+0x4C 067.c2a @ microsoftedgecp.exe!edgehtml.dll!CTreeNode։։Element ├── AVR։NULL+0x4C 067.c2a @ microsoftedgecp.exe!edgehtml.dll!CTreeNode։։Element.html ├── AVR։NULL+0x4C 067.c2a @ microsoftedgecp.exe!edgehtml.dll!CTreeNode։։Element.png ├── AVR։NULL+4⁎N a5b.577 @ microsoftedgecp.exe!edgehtml.dll!Tree։։TreeWriter։։Unwrap.html ├── CPUUsage 0e7.89a @ microsoftedgecp.exe!edgehtml.dll!CIndentCommand։։ApplyBlockCommand.html ├── CPUUsage 0e7.89a @ microsoftedgecp.exe!edgehtml.dll!CIndentCommand։։ApplyBlockCommand.png ├── edgehtml.dll!CTreeNode։։Element - Microsoft Edge issue 8720750.URL ├── repro AVR։NULL+0x4C 067.c2a.xhtml ├── repro CPUUsage.xhtml └── repro.xhtml ├── 2016-08-31 Assert c46.b93 @ microsoftedgecp.exe!edgehtml.dll!CDocument։։item ├── Assert c46.b93 @ microsoftedgecp.exe!edgehtml.dll!CDocument։։item.html ├── Assert c46.b93 @ microsoftedgecp.exe!edgehtml.dll!CDocument։։item.png ├── Microsoft Edge issue 8731652.URL ├── repro.html └── repro.xhtml ├── 2016-09-05 RecursiveCall 25e.cb0 @ microsoftedgecp.exe!edgehtml.dll!CTreeNode։։ComputeFormatsHelper ├── RecursiveCall 25e.cb0 @ microsoftedgecp.exe!edgehtml.dll!CTreeNode։։ComputeFormatsHelper.html ├── RecursiveCall 25e.cb0 @ microsoftedgecp.exe!edgehtml.dll!CTreeNode։։ComputeFormatsHelper.png ├── RecursiveCall 5d7.000 @ microsoftedgecp.exe!edgehtml.dll!CGeneratedElement։։ComputeFormats.html └── repro.xhtml ├── 2016-09-06 AVR։NULL de7.553 @ chrome.exe!chrome_child.dll!blink։։DOMDataStore։։setWrapper ├── AVR։NULL de7.f91 @ chrome.exe!chrome_child.dll!blink։։DOMDataStore։։setWrapper.html ├── AVR։NULL de7.f91 @ chrome.exe!chrome_child.dll!blink։։DOMDataStore։։setWrapper.png ├── Issue 644237 - chromium - AVR։NULL de7.553 @ chrome.exe!chrome_child.dll!blink։։DOMDataStore։։setWrapper - Monorail.URL └── repro.html ├── 2016-09-07 AVR։NULL+0xC 91a.06f @ chrome.exe!chrome_child.dll!v8_inspector։։V8StackTraceImpl։։topLineNumber ├── AVR։NULL+0xC 91a.06f @ chrome.exe!chrome_child.dll!v8_inspector։։V8StackTraceImpl։։topLineNumber.html ├── AVR։NULL+0xC 91a.06f @ chrome.exe!chrome_child.dll!v8_inspector։։V8StackTraceImpl։։topLineNumber.png ├── Issue 644629 - chromium - AVR։NULL+0xC 91a.06f @ chrome.exe!chrome_child.dll!v8_inspector։։V8StackTraceImpl։։topLineNumber -.URL └── repro.html ├── 2016-09-09 Assert 115.214 @ microsoftedgecp.exe!edgehtml.dll!Css3Calc։։GetIntoUnitValue ├── Assert 115.214 @ microsoftedgecp.exe!edgehtml.dll!Css3Calc։։GetIntoUnitValue.html ├── Assert 115.214 @ microsoftedgecp.exe!edgehtml.dll!Css3Calc։։GetIntoUnitValue.png ├── Assert 596.115 @ microsoftedgecp.exe!edgehtml.dll!CFormatInfo։։CacheCalc.html ├── Assert 596.115 @ microsoftedgecp.exe!edgehtml.dll!CFormatInfo։։CacheCalc.png ├── Microsoft Edge bug 8862383.URL └── repro.html ├── 2016-09-12 Assert 00d.bba @ microsoftedgecp.exe!edgehtml.dll!Tree։։TextBlockBuilder։։AddAtomRun ├── Assert 00d.68e @ microsoftedgecp.exe!edgehtml.dll!Tree։։TextBlockBuilder։։AddAtomRun.html ├── Assert 00d.68e @ microsoftedgecp.exe!edgehtml.dll!Tree։։TextBlockBuilder։։AddAtomRun.png ├── Assert 00d.bba @ microsoftedgecp.exe!edgehtml.dll!Tree։։TextBlockBuilder։։AddAtomRun.html ├── Assert 00d.bba @ microsoftedgecp.exe!edgehtml.dll!Tree։։TextBlockBuilder։։AddAtomRun.png ├── Microsoft Edge bug 8862388.URL └── repro.html ├── 2016-09-13 Assert c99.5c0 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions ├── Assert c99.3af @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions.html ├── Assert c99.3af @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions.png ├── Assert c99.5c0 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions.html ├── Assert c99.5c0 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions.png ├── repro c99.3af.html └── repro c99.5c0.html ├── 2016-09-14 Assert 732.b0f @ microsoftedgecp.exe!edgehtml.dll!CScriptCollection։։GetHolderForLanguageHelper ├── Assert 732.b0f @ microsoftedgecp.exe!edgehtml.dll!CScriptCollection։։GetHolderForLanguageHelper.html ├── Assert 732.b0f @ microsoftedgecp.exe!edgehtml.dll!CScriptCollection։։GetHolderForLanguageHelper.png └── repro.html ├── 2016-09-15 Assert c99.119 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions ├── Assert c99.119 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions.html ├── Assert c99.119 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions.png ├── g.svg └── repro.html ├── 2016-09-16 AVR։NULL 9e2.015 @ microsoftedgecp.exe!edgehtml.dll!Layout։։LineBoxBuilder։։CreateLineForFlow ├── AVR։NULL 9e2.015 @ microsoftedgecp.exe!edgehtml.dll!Layout։։LineBoxBuilder։։CreateLineForFlow.html ├── AVR։NULL 9e2.015 @ microsoftedgecp.exe!edgehtml.dll!Layout։։LineBoxBuilder։։CreateLineForFlow.png ├── Microsoft Edge issue 8989831.URL └── repro.html ├── 2016-09-19 AVR։NULL+0x10 ea0.a69 @ firefox.exe!xul.dll!mozilla։։EditorBase։։IsTextNode ├── AVR։NULL+0x10 edc.f54 @ firefox.exe!xul.dll!nsEditor։։IsTextNode.html ├── AVR։NULL+0x10 edc.f54 @ firefox.exe!xul.dll!nsEditor։։IsTextNode.png ├── AVR։NULL+0x20 f54.7f7 @ plugin-container.exe!xul.dll!nsHTMLEditRules։։GetNodesForOperation.html ├── AVR։NULL+0x20 f54.7f7 @ plugin-container.exe!xul.dll!nsHTMLEditRules։։GetNodesForOperation.png ├── Bug 1301663.URL └── repro.html ├── 2016-09-20 AVR։NULL+0x4C 05a.40a @ microsoftedgecp.exe!edgehtml.dll!Tree։։ANode։։LayoutPlacement ├── AVR։NULL+0x4C 05a.40a @ microsoftedgecp.exe!edgehtml.dll!Tree։։ANode։։LayoutPlacement.html ├── AVR։NULL+0x4C 05a.40a @ microsoftedgecp.exe!edgehtml.dll!Tree։։ANode։։LayoutPlacement.png ├── Microsoft Edge issue 9007925.URL └── repro.html ├── 2016-09-29 RecursiveCall a54.e7e @ microsoftedgecp.exe!edgehtml.dll!CElement։։ApplyDefaultFormat ├── Microsoft Edge bug 9132521.URL ├── RecursiveCall a54.e7e @ microsoftedgecp.exe!edgehtml.dll!CElement։։ApplyDefaultFormat.html ├── RecursiveCall a54.e7e @ microsoftedgecp.exe!edgehtml.dll!CElement։։ApplyDefaultFormat.png └── repro.xhtml ├── 2016-10-04 Assert 257.336 @ microsoftedgecp.exe!edgehtml.dll!CAryWindowTbl։։ReinitializeProxyVarIterationHandle ├── Assert 257.336 @ microsoftedgecp.exe!edgehtml.dll!CAryWindowTbl։։ReinitializeProxyVarIterationHandle.html ├── Assert 257.336 @ microsoftedgecp.exe!edgehtml.dll!CAryWindowTbl։։ReinitializeProxyVarIterationHandle.png ├── Microsft Edge issue 9201989.URL └── repro.html ├── 2016-10-05 Assert 943.e56 @ microsoftedgecp.exe!edgehtml.dll!Collections։։SCircularBuffer〈...〉։։GetAt ├── Assert 943.e56 @ microsoftedgecp.exe!edgehtml.dll!Collections։։SCircularBuffer〈...〉։։GetAt.html ├── Assert 943.e56 @ microsoftedgecp.exe!edgehtml.dll!Collections։։SCircularBuffer〈...〉։։GetAt.png ├── Edge issue 9227510.URL └── repro.html ├── 2016-10-06 Assert c99.5a8 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions ├── Assert c99.5a8 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions.html ├── Assert c99.5a8 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions.png ├── Edge issue 9227503.URL └── repro.html ├── 2016-10-07 Assert c99.227 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions ├── Assert c99.227 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions.html ├── Assert c99.227 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions.png └── repro.html ├── 2016-10-10 AVR։NULL+0x7C d87.353 @ firefox.exe!xul.dll!mozilla։։dom։։HTMLTrackElement։։HTMLTrackElement ├── AVR։NULL+0x7C d87.353 @ firefox.exe!xul.dll!mozilla։։dom։։HTMLTrackElement։։HTMLTrackElement.html ├── AVR։NULL+0x7C d87.353 @ firefox.exe!xul.dll!mozilla։։dom։։HTMLTrackElement։։HTMLTrackElement.png ├── Bugzilla@Mozilla 1308862.URL └── repro.svg ├── 2016-10-11 OOM 164.313 @ chrome.exe!chrome_child.dll!cc։։PaintedScrollbarLayer։։RasterizeScrollbarPart ├── OOM 164.313 @ chrome.exe!chrome_child.dll!cc։։PaintedScrollbarLayer։։RasterizeScrollbarPart.html ├── OOM 164.313 @ chrome.exe!chrome_child.dll!cc։։PaintedScrollbarLayer։։RasterizeScrollbarPart.png └── repro.html ├── 2016-10-12 AVR։NULL+8 825.0b4 @ microsoftedgecp.exe!edgehtml.dll!Layout։։Patchable〈...〉։։Readable ├── AVR։NULL+8 825.0b4 @ microsoftedgecp.exe!edgehtml.dll!Layout։։Patchable〈...〉։։Readable.html ├── AVR։NULL+8 825.0b4 @ microsoftedgecp.exe!edgehtml.dll!Layout։։Patchable〈...〉։։Readable.png ├── Microsoft Edge issue 9319292.URL └── repro.svg ├── 2016-10-13 AVR։NULL+0x188 2c5.ee9 @ microsoftedgecp.exe!edgehtml.dll!Tree։։TreeWriter։։ ├── AVR։NULL+0x108 2c5.ee9 @ microsoftedgecp.exe!edgehtml.dll!Tree։։TreeWriter։։Notify_IMEComposition_BeforeInsertAtReferencePosition.html ├── AVR։NULL+0x188 2c5.ee9 @ microsoftedgecp.exe!edgehtml.dll!Tree։։TreeWriter։։Notify_IMEComposition_BeforeInsertAtReferencePosition.html ├── AVR։NULL+0x188 2c5.ee9 @ microsoftedgecp.exe!edgehtml.dll!Tree։։TreeWriter։։Notify_IMEComposition_BeforeInsertAtReferencePosition.png └── repro.svg ├── 2016-10-14 Assert 1da.c56 @ microsoftedgecp.exe!edgehtml.dll!SBidiAnalysis։։GetCharProperties ├── Assert 1da.c56 @ microsoftedgecp.exe!edgehtml.dll!SBidiAnalysis։։GetCharProperties.html ├── Assert 1da.c56 @ microsoftedgecp.exe!edgehtml.dll!SBidiAnalysis։։GetCharProperties.png ├── Microsoft Edge issue 9370061.URL └── repro.html ├── 2016-10-19 AVR։NULL+0x10 1fa.bfa @ iexplore.exe!mshtml.dll!CDoc։։UpdateDesignMode ├── repro.html ├── x64 AVR։NULL+0x10 1fa.bfa @ iexplore.exe!mshtml.dll!CDoc։։UpdateDesignMode.html ├── x64 AVR։NULL+0x10 1fa.bfa @ iexplore.exe!mshtml.dll!CDoc։։UpdateDesignMode.png ├── x86 AVR։NULL+0xC 21f.1fa @ iexplore.exe!mshtml.dll!COmWindowProxy։։Markup.html └── x86 AVR։NULL+0xC 21f.1fa @ iexplore.exe!mshtml.dll!COmWindowProxy։։Markup.png ├── 2016-10-20 Assert 0d9.96b @ firefox.exe!xul.dll!gfxFontGroup։։GetDefaultFont ├── Mozilla Firefox bug 1311612.URL ├── Source։ gfx ⁄ thebes ⁄ gfxTextRun.cpp line 1847.URL ├── repro.svg ├── x86 Assert 0d9.96b @ firefox.exe!xul.dll!gfxFontGroup։։GetDefaultFont.html └── x86 Assert 0d9.96b @ firefox.exe!xul.dll!gfxFontGroup։։GetDefaultFont.png ├── 2016-10-21#1 RecursiveCall 984.8ae @ microsoftedgecp.exe!edgehtml.dll!BuildTransition ├── RecursiveCall 3b5.4ca @ microsoftedgecp.exe!edgehtml.dll!DllEnumClassObjects.html ├── RecursiveCall 3b5.4ca @ microsoftedgecp.exe!edgehtml.dll!DllEnumClassObjects.png ├── RecursiveCall 984.8ae @ microsoftedgecp.exe!edgehtml.dll!BuildTransition.html ├── RecursiveCall 984.8ae @ microsoftedgecp.exe!edgehtml.dll!BuildTransition.png └── repro.html ├── 2016-10-21#2 RecursiveCall a3f.efa @ microsoftedgecp.exe!edgehtml.dll!AnimationPostProcessUnitValue ├── RecursiveCall a3f.efa @ microsoftedgecp.exe!edgehtml.dll!AnimationPostProcessUnitValue.html ├── RecursiveCall a3f.efa @ microsoftedgecp.exe!edgehtml.dll!AnimationPostProcessUnitValue.png └── repro.svg ├── 2016-10-21#3 AVR։NULL+N 983.653 @ microsoftedgecp.exe!edgehtml.dll!CElement։։ApplyInnerOuterFormats ├── Microsoft Edge issue 9457946.URL ├── repro.html ├── x64 AVR։NULL+8 983.653 @ microsoftedgecp.exe!edgehtml.dll!CElement։։ApplyInnerOuterFormats.html ├── x64 AVR։NULL+8 983.653 @ microsoftedgecp.exe!edgehtml.dll!CElement։։ApplyInnerOuterFormats.png ├── x86 AVR։NULL+4 983.653 @ microsoftedgecp.exe!edgehtml.dll!CElement։։ApplyInnerOuterFormats.html └── x86 AVR։NULL+4 983.653 @ microsoftedgecp.exe!edgehtml.dll!CElement։։ApplyInnerOuterFormats.png ├── 2016-10-24 Assert 9c8.c88 @ microsoftedgecp.exe!edgehtml.dll!Tree։։TreeWriter։։Notify_BeforeRemoveNode_Safe ├── Assert 9c8.c88 @ microsoftedgecp.exe!edgehtml.dll!Tree։։TreeWriter։։Notify_BeforeRemoveNode_Safe.html ├── Assert 9c8.c88 @ microsoftedgecp.exe!edgehtml.dll!Tree։։TreeWriter։։Notify_BeforeRemoveNode_Safe.png ├── Microsoft Edge issue 9515677.URL └── repro.svg ├── 2016-10-25 Assert 314.33f @ microsoftedgecp.exe!edgehtml.dll!Tree։։STextPosition։։CompareCrossDocument ├── Assert 314.33f @ microsoftedgecp.exe!edgehtml.dll!Tree։։STextPosition։։CompareCrossDocument.html ├── Assert 314.33f @ microsoftedgecp.exe!edgehtml.dll!Tree։։STextPosition։։CompareCrossDocument.png ├── Microsoft Edge issue 9515683.URL └── repro.html ├── 2016-10-26 AVR։NULL+N 843.433 @ iexplore.exe!mshtml.dll!CSelectedControlAdorner։։DrawToSurface ├── AVR։NULL+0x18 843.433 @ iexplore.exe!mshtml.dll!CSelectedControlAdorner։։DrawToSurface.html ├── AVR։NULL+0x18 843.433 @ iexplore.exe!mshtml.dll!CSelectedControlAdorner։։DrawToSurface.png ├── AVR։NULL+0xC 843.433 @ iexplore.exe!mshtml.dll!CSelectedControlAdorner։։DrawToSurface.html ├── AVR։NULL+0xC 843.433 @ iexplore.exe!mshtml.dll!CSelectedControlAdorner։։DrawToSurface.png └── repro.svg ├── 2016-10-27 Assert c99.d84 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions ├── Assert c99.d84 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions.html ├── Assert c99.d84 @ microsoftedgecp.exe!edgehtml.dll!Edit։։Selection։։SetBoundaryPositions.png ├── Microsoft Edge issue 9564413.URL └── repro.html ├── 2016-10-28 AVR։NULL+0x28 935.267 @ microsoftedgecp.exe!edgehtml.dll!Layout։։ContainerBox։։UpdateDisplayNode ├── AVR։NULL+0x1C 3eb.935 @ microsoftedgecp.exe!edgehtml.dll!CDispNode։։NodeReader.html ├── AVR։NULL+0x28 935.267 @ microsoftedgecp.exe!edgehtml.dll!Layout։։ContainerBox։։UpdateDisplayNode.html ├── AVR։NULL+0x28 935.267 @ microsoftedgecp.exe!edgehtml.dll!Layout։։ContainerBox։։UpdateDisplayNode.png ├── Microsoft Edge issue 9573413.URL └── repro.html ├── 2016-10-31 AVR։NULL+4 e09.0b4 @ microsoftedgecp.exe!edgehtml.dll!Layout։։Patchable〈...〉։։Readable ├── repro.svg ├── x64 AVR։NULL+8 825.0b4 @ microsoftedgecp.exe!edgehtml.dll!Layout։։Patchable〈...〉։։Readable.html ├── x64 AVR։NULL+8 825.0b4 @ microsoftedgecp.exe!edgehtml.dll!Layout։։Patchable〈...〉։։Readable.png ├── x86 AVR։NULL+4 e09.0b4 @ microsoftedgecp.exe!edgehtml.dll!Layout։։Patchable〈...〉։։Readable.html └── x86 AVR։NULL+4 e09.0b4 @ microsoftedgecp.exe!edgehtml.dll!Layout։։Patchable〈...〉։։Readable.png └── 2016-11-10#2 MisalignedFree[0x212]+8 6c5.639 @ explorer.exe!thumbcache.dll!CThumbnailCache.._GetThumbnailInternal ├── Analysis.md └── MisalignedFree[0x212]+8 6c5.639 @ explorer.exe!thumbcache.dll!CThumbnailCache.._GetThumbnailInternal.html /.gitignore: -------------------------------------------------------------------------------- 1 | \#* 2 | *.lnk 3 | #*.URL 4 | *.zip 5 | details.txt 6 | -------------------------------------------------------------------------------- /2014-03-02 MSIE 11 MSHTML BaseCSSParser..RecordProperty OOBR/repro.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /2014-04-01 MSIE 9 MSHTML CAttrArray UAF/repro.html: -------------------------------------------------------------------------------- 1 | 2 | 10 | -------------------------------------------------------------------------------- /2014-05-02 MSIE 11 MSHTML CView..CalculateImageImmunity UAF/hasChildNodes.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2014-05-02 MSIE 11 MSHTML CView..CalculateImageImmunity UAF/repro.html: -------------------------------------------------------------------------------- 1 | 8 | -------------------------------------------------------------------------------- /2014-05-14 MSIE 9 MSHTML CMarkup..ReloadInCompatView UAF/repro.html: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /2014-07-09 MSIE 9 MSHTML CPtsTextParaclient..CountApes OOB read/repro1.html: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /2014-07-09 MSIE 9 MSHTML CPtsTextParaclient..CountApes OOB read/repro2-helper.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /2014-07-09 MSIE 9 MSHTML CPtsTextParaclient..CountApes OOB read/repro2.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /2015-08-30#1 AVR.NULL 1ff.228 @ iexplore.exe!mshtml.dll!CTsfTextStore..Initialize/AVR.NULL+4#N 868.1ff iexplore.exe!mshtml.dll!Tree..ElementNode..GetCElement.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2015-08-30#1 AVR.NULL 1ff.228 @ iexplore.exe!mshtml.dll!CTsfTextStore..Initialize/AVR.NULL+4#N 868.1ff iexplore.exe!mshtml.dll!Tree..ElementNode..GetCElement.html -------------------------------------------------------------------------------- /2015-08-30#1 AVR.NULL 1ff.228 @ iexplore.exe!mshtml.dll!CTsfTextStore..Initialize/AVR.NULL+4#N 868.1ff iexplore.exe!mshtml.dll!Tree..ElementNode..GetCElement.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2015-08-30#1 AVR.NULL 1ff.228 @ iexplore.exe!mshtml.dll!CTsfTextStore..Initialize/AVR.NULL+4#N 868.1ff iexplore.exe!mshtml.dll!Tree..ElementNode..GetCElement.png -------------------------------------------------------------------------------- /2015-08-30#1 AVR.NULL 1ff.228 @ iexplore.exe!mshtml.dll!CTsfTextStore..Initialize/AVR;NULL+0x10 iexplore.exe!MSHTML.dll!Tree;;ElementNode;;GetCElement AF0F.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2015-08-30#1 AVR.NULL 1ff.228 @ iexplore.exe!mshtml.dll!CTsfTextStore..Initialize/AVR;NULL+0x10 iexplore.exe!MSHTML.dll!Tree;;ElementNode;;GetCElement AF0F.html -------------------------------------------------------------------------------- /2015-08-30#1 AVR.NULL 1ff.228 @ iexplore.exe!mshtml.dll!CTsfTextStore..Initialize/repro.html: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /2015-08-30#1 AVR.NULL 1ff.228 @ iexplore.exe!mshtml.dll!CTsfTextStore..Initialize/repro2.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2015-08-30#10 1207w - MSIE 10 AVR.NULL+0xA iexplore.exe!MSHTML.dll!HtmlLayout..Element..LastContentChild D7D8A4/repro.html: -------------------------------------------------------------------------------- 1 |
x -------------------------------------------------------------------------------- /2015-08-30#11 1207x - MSIE 10 AVR.NULL iexplore.exe!MSHTML.dll!CCollectionCache..CompareName 8C1AB7/repro.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2015-08-30#12 1207y - MSIE 10 AVR;NULL+0x29 iexplore.exe!MSHTML.dll!CMarkup;;ReparentDirectChildren FEDB53/repro.html: -------------------------------------------------------------------------------- 1 |
  • -------------------------------------------------------------------------------- /2015-08-30#13 1207z - MSIE 8 AVR;NULL iexplore.exe!mshtml.dll!CStringTable;;Find B8534E/MSIE 8 AVR;NULL iexplore.exe!mshtml.dll!CStringTable;;Find B8534E.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2015-08-30#13 1207z - MSIE 8 AVR;NULL iexplore.exe!mshtml.dll!CStringTable;;Find B8534E/MSIE 8 AVR;NULL iexplore.exe!mshtml.dll!CStringTable;;Find B8534E.html -------------------------------------------------------------------------------- /2015-08-30#13 1207z - MSIE 8 AVR;NULL iexplore.exe!mshtml.dll!CStringTable;;Find B8534E/repro.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2015-08-30#14 1173m - MSIE 8 AVR;NULL+0x84 iexplore.exe!mshtml.dll!CMarkup;;EmbedPointers 9BE518/repro.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2015-08-30#15 1501N - MSIE 9,10,11 AVR;NULL iexplore.exe!MSHTML.dll!CDoc;;GetComputedStyle 82F0CA/1501N - MSIE 10 - MSHTML CDoc..GetComputedStyle NULL ptr Microsoft Connect.URL: -------------------------------------------------------------------------------- 1 | [InternetShortcut] 2 | URL=https://connect.microsoft.com/IE/feedback/details/1115527/1501n-msie-10-mshtml-cdoc-getcomputedstyle-null-ptr 3 | IDList= 4 | -------------------------------------------------------------------------------- /2015-08-30#15 1501N - MSIE 9,10,11 AVR;NULL iexplore.exe!MSHTML.dll!CDoc;;GetComputedStyle 82F0CA/AVR;NULL iexplore.exe!MSHTML.dll!CDoc;;GetComputedStyle 82F0.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2015-08-30#15 1501N - MSIE 9,10,11 AVR;NULL iexplore.exe!MSHTML.dll!CDoc;;GetComputedStyle 82F0CA/AVR;NULL iexplore.exe!MSHTML.dll!CDoc;;GetComputedStyle 82F0.html -------------------------------------------------------------------------------- /2015-08-30#15 1501N - MSIE 9,10,11 AVR;NULL iexplore.exe!MSHTML.dll!CDoc;;GetComputedStyle 82F0CA/repro.html: -------------------------------------------------------------------------------- 1 | x
    x -------------------------------------------------------------------------------- /2015-09-15 microsoftedgecp.exe!edgehtml.dll!C(Generated)Element։։ComputeFormatsVirtual/RecursiveCall 653.b28/repro.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2015-09-15 microsoftedgecp.exe!edgehtml.dll!C(Generated)Element։։ComputeFormatsVirtual/RecursiveCall 653.be6/repro.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2015-09-15 microsoftedgecp.exe!edgehtml.dll!C(Generated)Element։։ComputeFormatsVirtual/RecursiveCall dcb.801/repro.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2015-09-23 1223u - Edge AVR.NULL+0x4 microsoftedgecp.exe!chakra.dll!Js..JavascriptError..Is E748/repro.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2015-09-24 AVR.NULL 4df.0e2 @ iexplore.exe!mshtml.dll!CInclusionWalker..NextBranch/repro.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2015-09-25 1226r - MSIE 8 03FC AVR.NULL+X iexplore.exe!mshtml.dll!CTableRowGroupBlock..RowCount/03FC AVR.NULL+X iexplore.exe!mshtml.dll!CTableRowGroupBlock..RowCount.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2015-09-25 1226r - MSIE 8 03FC AVR.NULL+X iexplore.exe!mshtml.dll!CTableRowGroupBlock..RowCount/03FC AVR.NULL+X iexplore.exe!mshtml.dll!CTableRowGroupBlock..RowCount.html -------------------------------------------------------------------------------- /2015-09-25 1226r - MSIE 8 03FC AVR.NULL+X iexplore.exe!mshtml.dll!CTableRowGroupBlock..RowCount/repro.html: -------------------------------------------------------------------------------- 1 | x -------------------------------------------------------------------------------- /2015-09-28 MSIE 11 AVR;NULL+0x10 MSHTML bla bla bla 0FCD/6CCD AVR.NULL+X iexplore.exe!MSHTML.dll!CLSRenderer..RenderLine.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2015-09-28 MSIE 11 AVR;NULL+0x10 MSHTML bla bla bla 0FCD/6CCD AVR.NULL+X iexplore.exe!MSHTML.dll!CLSRenderer..RenderLine.html -------------------------------------------------------------------------------- /2015-09-28 MSIE 11 AVR;NULL+0x10 MSHTML bla bla bla 0FCD/repro.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2015-09-29 1217x - Firefox IntOverflow firefox.exe!xul.dll!nthChildGenericMatches 8775/1206105 – nth-child integer overflow.URL: -------------------------------------------------------------------------------- 1 | [InternetShortcut] 2 | URL=https://bugzilla.mozilla.org/show_bug.cgi?id=1206105 3 | IDList= 4 | -------------------------------------------------------------------------------- /2015-09-29 1217x - Firefox IntOverflow firefox.exe!xul.dll!nthChildGenericMatches 8775/IntOverflow firefox.exe!xul.dll!nthChildGenericMatches EF75.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2015-09-29 1217x - Firefox IntOverflow firefox.exe!xul.dll!nthChildGenericMatches 8775/IntOverflow firefox.exe!xul.dll!nthChildGenericMatches EF75.html -------------------------------------------------------------------------------- /2015-09-29 1217x - Firefox IntOverflow firefox.exe!xul.dll!nthChildGenericMatches 8775/repro.html: -------------------------------------------------------------------------------- 1 | x -------------------------------------------------------------------------------- /2015-10-06#2 1244r - Chrome AE7E13F067118BAA48AD RecursiveCall chrome.exe!chrome_child.dll!`anonymous namespace'..call_new_handler/Chromoium 539907.url: -------------------------------------------------------------------------------- 1 | [{000214A0-0000-0000-C000-000000000046}] 2 | Prop3=19,11 3 | [InternetShortcut] 4 | IDList= 5 | URL=https://code.google.com/p/chromium/issues/detail?id=539907 6 | -------------------------------------------------------------------------------- /2015-10-06#2 1244r - Chrome AE7E13F067118BAA48AD RecursiveCall chrome.exe!chrome_child.dll!`anonymous namespace'..call_new_handler/repro.html: -------------------------------------------------------------------------------- 1 | x
    

--------------------------------------------------------------------------------
/2015-12-09 1302s - Edge - A469 AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!CJScript9Holder..FastVarToDispatch/repro.html:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/2015-12-10 1302t - Edge - 8A2F AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!CPDFHelper..SetReplacedSize/repro.html:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2015-12-11#1 AVR։NULL+0x10 2c6.581 @ microsoftedgecp.exe!edgehtml.dll!Layout։։LayoutBox։։GetRangeRectsForChildBox/repro.html:
--------------------------------------------------------------------------------
1 | xx
    


--------------------------------------------------------------------------------
/2015-12-11#2 1302v - Edge - D473 AVR.NULL microsoftedgecp.exe!EDGEHTML.dll!Tree..STextPosition..CalculateCP/repro.html:
--------------------------------------------------------------------------------
1 | x
    


--------------------------------------------------------------------------------
/2015-12-11#2 AVR.NULL b45.796 @ microsoftedgecp.exe!edgehtml.dll!Tree..STextPosition..CalculateCP/EdgeHTML issue - NULL b45.796 @ microsoftedgecp.exe!edgehtml.dll!TreeSTextPositionCalculateCP.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/7305623/
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2015-12-11#2 AVR.NULL b45.796 @ microsoftedgecp.exe!edgehtml.dll!Tree..STextPosition..CalculateCP/repro.html:
--------------------------------------------------------------------------------
1 | 
    /
7 | 
8 | 
9 | 


--------------------------------------------------------------------------------
/2016-01-08 EF0F AVR.Free iexplore.exe!MSHTML.dll!CDataset..RemoveItem/EF0F AVR.Free iexplore.exe!MSHTML.dll!CDataset..RemoveItem.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-01-08 EF0F AVR.Free iexplore.exe!MSHTML.dll!CDataset..RemoveItem/EF0F AVR.Free iexplore.exe!MSHTML.dll!CDataset..RemoveItem.html


--------------------------------------------------------------------------------
/2016-02-11 1217r - MSIE 11 - AVR.Arbitrary iexplore.exe!jscript9.dll!HostDispatch..CallInvoke FC65/repro.html:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/1.html:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/2.html:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID.html


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE 8/4A52 AVR.Arbitrary iexplore.exe!mshtml.dll!ReleaseInterface.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE 8/4A52 AVR.Arbitrary iexplore.exe!mshtml.dll!ReleaseInterface.html


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE 8/4A52 AVR.OOB+EVEN iexplore.exe!mshtml.dll!ReleaseInterface.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE 8/4A52 AVR.OOB+EVEN iexplore.exe!mshtml.dll!ReleaseInterface.html


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE 8/repro.html:
--------------------------------------------------------------------------------
1 | 
2 | 
6 | 


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/0A69 AVR.OOB iexplore.exe!d2d1.dll!DrawingContext..FlushBatch.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/0A69 AVR.OOB iexplore.exe!d2d1.dll!DrawingContext..FlushBatch.html


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/1A69 AVR.NULL iexplore.exe!msls31.dll!LsGetHihLsimethods.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/1A69 AVR.NULL iexplore.exe!msls31.dll!LsGetHihLsimethods.html


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/2F6C AVR.NULL+EVEN iexplore.exe!ole32.dll!CopyToMQI.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/2F6C AVR.NULL+EVEN iexplore.exe!ole32.dll!CopyToMQI.html


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/34E3 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CDXFont..Initialize.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/34E3 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CDXFont..Initialize.html


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/7F69 AVE.NULL iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/7F69 AVE.NULL iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/__7F69 AVE.Free iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/__7F69 AVE.Free iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/__7F69 AVE.OOB iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/MSIE9/__7F69 AVE.OOB iexplore.exe!MSHTML.dll!CBase..ContextInvokeEx.html


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/repro.html:
--------------------------------------------------------------------------------
 1 | 
 2 | 
10 | MSHTML!CBase::ContextInvokeEx+0x4d77


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/repro.svg:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2016-02-11 1257n - MSIE 8-11 3806 AVW.Arbitrary iexplore.exe!MSHTML.dll!CBase..VersionedGetDispID/target.html:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2016-02-26 MSIE 9 USER32 SmartStretchDIBits OOB read/24EE AVR.OOB+ODD iexplore.exe!USER32.dll!SmartStretchDIBits.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-26 MSIE 9 USER32 SmartStretchDIBits OOB read/24EE AVR.OOB+ODD iexplore.exe!USER32.dll!SmartStretchDIBits.html


--------------------------------------------------------------------------------
/2016-02-26 MSIE 9 USER32 SmartStretchDIBits OOB read/pGenerateICO.cmd:
--------------------------------------------------------------------------------
1 | @ECHO OFF
2 | IF EXIST "repro.ico" (
3 |   DEL "repro.ico"
4 | )
5 | CALL PYTHON "pGenerateICO.py" "repro.ico"
6 | CALL "\dev\py\headsup\headsup.cmd" "repro.ico"


--------------------------------------------------------------------------------
/2016-02-26 MSIE 9 USER32 SmartStretchDIBits OOB read/repro.html:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/2016-02-26 MSIE 9 USER32 SmartStretchDIBits OOB read/repro.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-26 MSIE 9 USER32 SmartStretchDIBits OOB read/repro.ico


--------------------------------------------------------------------------------
/2016-02-26 MSIE 9 USER32 SmartStretchDIBits OOB read/test.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-02-26 MSIE 9 USER32 SmartStretchDIBits OOB read/test.ico


--------------------------------------------------------------------------------
/2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s/09EE AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!CTreePos..GetMarkup.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s/09EE AVR.NULL+EVEN microsoftedgecp.exe!EDGEHTML.dll!CTreePos..GetMarkup.html


--------------------------------------------------------------------------------
/2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s/3D86 AVR.Arbitrary microsoftedgecp.exe!EDGEHTML.dll!CTreePos..RotateUp.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s/3D86 AVR.Arbitrary microsoftedgecp.exe!EDGEHTML.dll!CTreePos..RotateUp.html


--------------------------------------------------------------------------------
/2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s/B00B AV..OOB microsoftedgecp.exe!msvcrt.dll!memcpy_s.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s/B00B AV..OOB microsoftedgecp.exe!msvcrt.dll!memcpy_s.html


--------------------------------------------------------------------------------
/2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s/B00B AVR.Arbitrary microsoftedgecp.exe!msvcrt.dll!memcpy_s.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s/B00B AVR.Arbitrary microsoftedgecp.exe!msvcrt.dll!memcpy_s.html


--------------------------------------------------------------------------------
/2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s/B00B AVR.Free microsoftedgecp.exe!msvcrt.dll!memcpy_s.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s/B00B AVR.Free microsoftedgecp.exe!msvcrt.dll!memcpy_s.html


--------------------------------------------------------------------------------
/2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s/B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-03-12 1301q - Edge - B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s/B00B AVR.OOB+EVEN microsoftedgecp.exe!msvcrt.dll!memcpy_s.html


--------------------------------------------------------------------------------
/2016-03-15 1247v - Edge - FAB7 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!Tree..ANode..IsInTree/53CB OOM MicrosoftEdgeCP.exe!EDGEHTML.dll!CStr.._Alloc.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-03-15 1247v - Edge - FAB7 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!Tree..ANode..IsInTree/53CB OOM MicrosoftEdgeCP.exe!EDGEHTML.dll!CStr.._Alloc.html


--------------------------------------------------------------------------------
/2016-03-15 1247v - Edge - FAB7 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!Tree..ANode..IsInTree/FAB7 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!Tree..ANode..IsInTree.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-03-15 1247v - Edge - FAB7 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!Tree..ANode..IsInTree/FAB7 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!Tree..ANode..IsInTree.html


--------------------------------------------------------------------------------
/2016-03-15 1247v - Edge - FAB7 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!Tree..ANode..IsInTree/original repro/repro.html:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/2016-03-15 1247v - Edge - FAB7 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!Tree..ANode..IsInTree/original repro/target.xhtml:
--------------------------------------------------------------------------------
 1 | 
 2 | 


--------------------------------------------------------------------------------
/2016-03-15 1247v - Edge - FAB7 AVR.Free microsoftedgecp.exe!EDGEHTML.dll!Tree..ANode..IsInTree/repro.html:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2016-03-17 1295u - Edge - 17DE AVR.Free microsoftedgecp.exe!EDGEHTML.dll!CTreePosGap..PartitionPointers/mini.html:
--------------------------------------------------------------------------------
1 | x


--------------------------------------------------------------------------------
/2016-04-05 - Edge - AVR.NULL+4.N e77.3bc @ microsoftedgecp.exe!edgehtml.dll!CssCalcExpressionHelpers..GetCalcCtxFromNode/repro.html:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2016-04-12 - Edge - AVR.NULL+4.N 92f.464 @ microsoftedgecp.exe!chakra.dll!Js..JavascriptError..Is/repro.html:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/2016-04-13 - Edge - Assert 0c3.485 @ microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..MoveNodeLegacy/EdgeHTML issue - Assert 0c3.485 @ microsoftedgecp.exe!edgehtml.dll!TreeTreeWriterMoveNodeLegacy.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/7196350/
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2016-04-13 - Edge - Assert 0c3.485 @ microsoftedgecp.exe!edgehtml.dll!Tree..TreeWriter..MoveNodeLegacy/repro.html:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2016-04-13 AVR.NULL 7f2.7dd @ microsoftedgecp.exe!edgehtml.dll!Tree..TreeReader..GetParentWithFilter/EdgeHTML issue - NULL+4N ad3.653 @ microsoftedgecp.exe!edgehtml.dll!CFormatInfoFindFormattingParent.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/7197018/
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2016-04-13 AVR.NULL 7f2.7dd @ microsoftedgecp.exe!edgehtml.dll!Tree..TreeReader..GetParentWithFilter/repro AVR.NULL 7f2.7dd.xhtml:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2016-04-13 AVR.NULL+4.N ad3.653 @ microsoftedgecp.exe!edgehtml.dll!CFormatInfo..FindFormattingParent/EdgeHTML issue - NULL+4N ad3.653 @ microsoftedgecp.exe!edgehtml.dll!CFormatInfoFindFormattingParent.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/7197018/
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2016-04-13 AVR.NULL+4.N ad3.653 @ microsoftedgecp.exe!edgehtml.dll!CFormatInfo..FindFormattingParent/repro AVR.NULL+4#N ad3.653.xhtml:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/2016-04-14#1 - Edge - AVR.NULL+4.N 1e9.328 @ microsoftedgecp.exe!edgehtml.dll!ParentNodeHelper/AVR.NULL+4#N 1e9.328 microsoftedgecp.exe!edgehtml.dll!ParentNodeHelper.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-04-14#1 - Edge - AVR.NULL+4.N 1e9.328 @ microsoftedgecp.exe!edgehtml.dll!ParentNodeHelper/AVR.NULL+4#N 1e9.328 microsoftedgecp.exe!edgehtml.dll!ParentNodeHelper.html


--------------------------------------------------------------------------------
/2016-04-14#1 - Edge - AVR.NULL+4.N 1e9.328 @ microsoftedgecp.exe!edgehtml.dll!ParentNodeHelper/EdgeHTML issue - NULL+4N ad3.653 @ microsoftedgecp.exe!edgehtml.dll!CFormatInfoFindFormattingParent.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/7197018/
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2016-04-14#1 - Edge - AVR.NULL+4.N 1e9.328 @ microsoftedgecp.exe!edgehtml.dll!ParentNodeHelper/repro AVR.NULL+4#N 1e9.328.xhtml:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/2016-04-14#2 - MSIE 9 - DF79 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!HtmlLayout..FlowBoxBuilder..CompleteBoxSizing/repro.xhtml:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2016-04-14#3 - MSIE 10 - 47E2 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CTreeNode..ComputeFormats/47E2 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CTreeNode..ComputeFormats.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-04-14#3 - MSIE 10 - 47E2 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CTreeNode..ComputeFormats/47E2 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CTreeNode..ComputeFormats.html


--------------------------------------------------------------------------------
/2016-04-14#3 - MSIE 10 - 47E2 AVR.NULL+EVEN iexplore.exe!MSHTML.dll!CTreeNode..ComputeFormats/repro.html:
--------------------------------------------------------------------------------
1 | 
    


--------------------------------------------------------------------------------
/2016-04-15#1 - Edge - RecursiveCall dcb.5d7.9cf.25e.51e.fb7.7b4.c8e.f9f.020 @ microsoftedgecp.exe!edgehtml.dll!CGeneratedElement..ComputeForma/EdgeHTML issue - RecursiveCall dcb.5d7.9cf.25e.51e.fb7.7b4.c8e.f9f.020.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/7205560/
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2016-04-15#1 - Edge - RecursiveCall dcb.5d7.9cf.25e.51e.fb7.7b4.c8e.f9f.020 @ microsoftedgecp.exe!edgehtml.dll!CGeneratedElement..ComputeForma/repro.html:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2016-06-17#1 Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag/Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag - Microsoft Edge Development.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/7907226/
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2016-06-17#1 Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag/Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-06-17#1 Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag/Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag.html


--------------------------------------------------------------------------------
/2016-06-17#1 Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag/Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-06-17#1 Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag/Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag.png


--------------------------------------------------------------------------------
/2016-06-17#1 Assert 56c.5df @ microsoftedgecp.exe!edgehtml.dll!CDoc..TagIdFromETag/repro.html:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2016-06-17#2 1350n - MSIE 11 CFBB AVR.Arbitrary iexplore.exe!jscript9.dll!JavascriptThreadService..EnumerateTrackingClient/SkyLined - CVE-2016-0199 MS16-063 MSIE 11 garbage collector attribute type confusion.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=http://blog.skylined.nl/20160617001.html
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2016-06-21 Magic value mitigations/1177r - verifier.dll AVrfDebugPageHeapAllocate incorrect memory initialization/2015-08-27 Chromium 525288/Chromium Issue 525288.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=https://code.google.com/p/chromium/issues/detail?id=525288
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2016-06-21 Magic value mitigations/1177r - verifier.dll AVrfDebugPageHeapAllocate incorrect memory initialization/2015-08-27 Chromium 525288/repro.html:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
11 | 


--------------------------------------------------------------------------------
/2016-06-21 Magic value mitigations/SkyLined - Magic values in 32-bit processes and 64-bit OS-es.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=http://blog.skylined.nl/20160621001.html
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2016-06-21 Magic value mitigations/repro.html:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
11 | 


--------------------------------------------------------------------------------
/2016-06-22#1 AVR.NULL+4.N 3eb.d47 @ iexplore.exe!mshtml.dll!CDispNode..NodeReader/AVR.NULL+4.N 3eb.d47 @ iexplore.exe!mshtml.dll!CDispNode..NodeReader.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-06-22#1 AVR.NULL+4.N 3eb.d47 @ iexplore.exe!mshtml.dll!CDispNode..NodeReader/AVR.NULL+4.N 3eb.d47 @ iexplore.exe!mshtml.dll!CDispNode..NodeReader.html


--------------------------------------------------------------------------------
/2016-06-22#1 AVR.NULL+4.N 3eb.d47 @ iexplore.exe!mshtml.dll!CDispNode..NodeReader/AVR.NULL+4.N 3eb.d47 @ iexplore.exe!mshtml.dll!CDispNode..NodeReader.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SkyLined/Bugs/11951f09fc26c2e9c00822f8d415a14c12a6136d/2016-06-22#1 AVR.NULL+4.N 3eb.d47 @ iexplore.exe!mshtml.dll!CDispNode..NodeReader/AVR.NULL+4.N 3eb.d47 @ iexplore.exe!mshtml.dll!CDispNode..NodeReader.png


--------------------------------------------------------------------------------
/2016-06-22#1 AVR.NULL+4.N 3eb.d47 @ iexplore.exe!mshtml.dll!CDispNode..NodeReader/repro.html:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/2016-06-22#2 1312A - Chrome on x64 - createImageData arbitrary read&write/CVE-2014-1736.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1736
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2016-06-22#2 1312A - Chrome on x64 - createImageData arbitrary read&write/Chromium 359802.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=https://code.google.com/p/chromium/issues/detail?id=359802
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2016-06-23 AVR.NULL+4.N a05.7ab @ microsoftedgecp.exe!edgehtml.dll!CMarkup..GetStylesheetMarkupContext/NULL+4N a05.7ab @ microsoftedgecp.exe!edgehtml.dll!CMarkupGetStylesheetMarkupContext - Microsoft Edge Development.URL:
--------------------------------------------------------------------------------
1 | [InternetShortcut]
2 | URL=https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/7883724/
3 | IDList=
4 | 


--------------------------------------------------------------------------------
/2016-06-23 AVR.NULL+4.N a05.7ab @ microsoftedgecp.exe!edgehtml.dll!CMarkup..GetStylesheetMarkupContext/repro.html:
--------------------------------------------------------------------------------
1 |