What's new in Firefox 1.0.1

Last updated March 5, 2005.

Most of the changes in Firefox 1.0.1 were security fixes and stability fixes.

Security hole fixes

• 22183 - Display hostname in title bar when address bar is hidden, to reduce the impact of the fact that web sites are allowed to spoof address bars.
• 260560 - Security and download dialogs can be spoofed by covering them partially using popup windows.
• 262887 - Secunia background tab security issues (SA12712).
• 273699 - 2 Frame Injection Vulnerabilities (popup blocking race condition & onunload event mis-firing).
• 275417 - Download dialog source spoofing (SA13599).
• 279945 - Image drag and drop allows to create executable files.
• 280056 - When dropping a javascript link to a tab, the script runs in the security context of the site currently displayed in the tab.
• 280603 - "New Updates Avail" popup in bottom right-hand corner pops up endlessly / excessive hits on update service.
• 280664 - Using Flash and the -moz-opacity filter you can get access to about:config and make the user silently change values.
• 282270 - Display IDN URLs as punycode by default (controlled by a hidden pref).

More security holes fixed in Firefox 1.0.1 were made public after Firefox 1.0.1 is released. They are listed on the known-vulnerabilities page but not here.

Notable bug fixes

• 229706 - Unattended install asks for installation folder.
• 233625 - Uninstalling deleted non-Firefox folders (after installing to C:\Program Files\).
• 98564 - Caret overlaps the last character in textfield (if positioned after the last char).
• 271473 - Decouple services on update.mozilla.org.
• 280603 - "New Updates Avail" popup in bottom right-hand corner pops up endlessly / excessive hits on update service.
• 236596 - Form element cannot get focus when loaded by XML/XSLT page.
• 262822 - FIPS can't be enabled.
• 261934 - Regression: network.standard-url.encode.utf8 and network.enableIDN prefs are ignored.
• 242845 - [Mac] Firefox disk image should use .dmg internal zlib-compression, not .dmg.gz.
• 180309 - [Linux] Crash while loading page with MS .fon font.

More information

• Changelog for previous release (1.0)
• Changelogs for other releases
• Daily changelog
• CVS Branch: AVIARY_1_0_1_20050124_BRANCH (apparently created from the Thunderbird 1.0 tag on the Aviary branch, not from the Aviary branch as of Jan 24.)