This is a list of security issues which were fixed between the release of Mozilla 1.0 and the release of Mozilla 1.0.1. These bugs were also fixed in Mozilla 1.1. If you're using Mozilla 1.0 you are strongly encouraged to upgrade to Mozilla 1.0.1 or to Mozilla 1.1.
| BUG ID | Product | Component | Summary |
|---|---|---|---|
| 88183 | Browser | Plug-ins | navigator.plugins leaks path names |
| 104472 | Browser | Security | execution of scripts in the file: protocol from XUL using cgi |
| 125583 | Browser | Security | Disable automatic XLinks in Mail |
| 135267 | Browser | Security | Reading files cross-host using styles |
| 144228 | MailNews | Security | Malicious email breaks POP server connection |
| 146094 | Browser | Networking | Stealing third-party cookies through a proxy |
| 147754 | Browser | Security | XMLSerializer needs same-origin check |
| 148256 | Browser | XML | flawfinder warnings in XML Extras |
| 148269 | NSS | Libraries | flawfinder warnings in mozilla/security |
| 148520 | Browser | Password Manager | window.prompt is returning a saved password instead of prompting. |
| 149777 | Browser | Security | Node cloned from external, untrusted document and appended to chrome document. |
| 149943 | Browser | Security | Princeton-like exploit may be possible |
| 150339 | Browser | Internationalization | huge font crashes X Windows |
| 151933 | Browser | XML | xml:base should not allow setting chrome URLs |
| 152697 | Browser | Networking | no limit on the size of a HTTP header |
| 152725 | Browser | Cookies | Possible cookie stealing using javascript: URLs |
| 154030 | Browser | Security | HTML directory indexer doesn't html-escape url |
| 154240 | PSM | Client Libraries | No warning when redirecting https-http-https at http protocol level |
| 154930 | Browser | Security | document.domain abused to access hosts behind firewall |
| 155222 | Browser | Security | Heap corruption in PNG library |
| 157202 | Browser | Security | Exploitable (?) heap overrun in PNG |
| 157652 | Browser | JavaScript Engine | Crash, possible heap corruption in JS Array.prototype.sort |
| 157845 | Browser | DOM Events | Crash involving document.open() |
| 157989 | Browser | ImageLib | Possible heap corruption with 0-width GIF |
| 161721 | Browser | Installer | install in onkeypress for space key bypasses warning dialog |