What's new in Firefox 1.0.4

Last updated May 12, 2005.

Most of the changes in Firefox 1.0.4 were security fixes.

Security hole fixes

• 292691#c5 - XSS security hole involving frames and javascript: URLs. Regression in Firefox 1.0.3.
• 292691#c14 - Sites whitelisted for extension installation can execute arbitrary code by abusing a security hole in the extension-installation dialog. Regression in Firefox 1.0.3. Firefox only (not in Mozilla suite).
• 290949 - <link> tag still allows to execute arbitrary code without user interaction (variant of 290036, which was fixed in Firefox 1.0.3).
• 290908 - (Security hole involving new Script(). Regression in Firefox 1.0.3.)
• 290982 - (Security hole involving jar:, view-source: protocols)
• 293671 - (Security hole involving nested jar:, view-source: protocols)

All other fixes in Firefox 1.0.4

• 290777 - Regression in defining getters on prototypes in content script. (aka The Firefox 1.0.3 DHTML regression.)
• 290476 - js_AllocStack doesn't clear space it returns.
• 280137 - [OS/2] Get rid of PMWINX dependency.
• 272369 - [S390] firefox -register results in SIGSEGV.
• 264324 - [S390] Incorrect defines in s390/s390x.

More information

• Changelog for previous release (1.0.3)
• Changelogs for other releases
• Daily changelog
• All bugs with the fixed-aviary1.0.4 keyword
• Checkins on branch AVIARY_1_0_1_20050124_BRANCH during the approximate period of time between Firefox 1.0.3 and Firefox 1.0.4