You are currently viewing a snapshot of taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to, please file a bug.

Recently fixed security issues

This is a list of security issues which were fixed between the release of Mozilla 1.0 and the release of Mozilla 1.0.1. These bugs were also fixed in Mozilla 1.1. If you're using Mozilla 1.0 you are strongly encouraged to upgrade to Mozilla 1.0.1 or to Mozilla 1.1.

BUG ID Product Component Summary
88183 Browser Plug-ins navigator.plugins leaks path names
104472 Browser Security execution of scripts in the file: protocol from XUL using cgi
125583 Browser Security Disable automatic XLinks in Mail
135267 Browser Security Reading files cross-host using styles
144228 MailNews Security Malicious email breaks POP server connection
146094 Browser Networking Stealing third-party cookies through a proxy
147754 Browser Security XMLSerializer needs same-origin check
148256 Browser XML flawfinder warnings in XML Extras
148269 NSS Libraries flawfinder warnings in mozilla/security
148520 Browser Password Manager window.prompt is returning a saved password instead of prompting.
149777 Browser Security Node cloned from external, untrusted document and appended to chrome document.
149943 Browser Security Princeton-like exploit may be possible
150339 Browser Internationalization huge font crashes X Windows
151933 Browser XML xml:base should not allow setting chrome URLs
152697 Browser Networking no limit on the size of a HTTP header
152725 Browser Cookies Possible cookie stealing using javascript: URLs
154030 Browser Security HTML directory indexer doesn't html-escape url
154240 PSM Client Libraries No warning when redirecting https-http-https at http protocol level
154930 Browser Security document.domain abused to access hosts behind firewall
155222 Browser Security Heap corruption in PNG library
157202 Browser Security Exploitable (?) heap overrun in PNG
157652 Browser JavaScript Engine Crash, possible heap corruption in JS Array.prototype.sort
157845 Browser DOM Events Crash involving
157989 Browser ImageLib Possible heap corruption with 0-width GIF
161721 Browser Installer install in onkeypress for space key bypasses warning dialog