You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.
This is a list of security issues which were fixed between the release of Mozilla 1.0 and the release of Mozilla 1.0.1. These bugs were also fixed in Mozilla 1.1. If you're using Mozilla 1.0 you are strongly encouraged to upgrade to Mozilla 1.0.1 or to Mozilla 1.1.
| BUG ID | Product | Component | Summary |
|---|---|---|---|
| 88183 | Browser | Plug-ins | navigator.plugins leaks path names |
| 104472 | Browser | Security | execution of scripts in the file: protocol from XUL using cgi |
| 125583 | Browser | Security | Disable automatic XLinks in Mail |
| 135267 | Browser | Security | Reading files cross-host using styles |
| 144228 | MailNews | Security | Malicious email breaks POP server connection |
| 146094 | Browser | Networking | Stealing third-party cookies through a proxy |
| 147754 | Browser | Security | XMLSerializer needs same-origin check |
| 148256 | Browser | XML | flawfinder warnings in XML Extras |
| 148269 | NSS | Libraries | flawfinder warnings in mozilla/security |
| 148520 | Browser | Password Manager | window.prompt is returning a saved password instead of prompting. |
| 149777 | Browser | Security | Node cloned from external, untrusted document and appended to chrome document. |
| 149943 | Browser | Security | Princeton-like exploit may be possible |
| 150339 | Browser | Internationalization | huge font crashes X Windows |
| 151933 | Browser | XML | xml:base should not allow setting chrome URLs |
| 152697 | Browser | Networking | no limit on the size of a HTTP header |
| 152725 | Browser | Cookies | Possible cookie stealing using javascript: URLs |
| 154030 | Browser | Security | HTML directory indexer doesn't html-escape url |
| 154240 | PSM | Client Libraries | No warning when redirecting https-http-https at http protocol level |
| 154930 | Browser | Security | document.domain abused to access hosts behind firewall |
| 155222 | Browser | Security | Heap corruption in PNG library |
| 157202 | Browser | Security | Exploitable (?) heap overrun in PNG |
| 157652 | Browser | JavaScript Engine | Crash, possible heap corruption in JS Array.prototype.sort |
| 157845 | Browser | DOM Events | Crash involving document.open() |
| 157989 | Browser | ImageLib | Possible heap corruption with 0-width GIF |
| 161721 | Browser | Installer | install in onkeypress for space key bypasses warning dialog |