The Mozilla Foundation has released version 1.0.1 of the popular open-source Firefox browser. Check out the homepage or jump straight to the download (win32).
An unofficial changelog:
- Security fixes
- Display hostname in title bar when address bar is hidden, to reduce the impact of the fact that web sites are allowed to spoof address bars.
- Security and download dialogs can be spoofed by covering them partially using popup windows.
- Secunia background tab security issues (SA12712).
- 2 Frame Injection Vulnerabilities (popup blocking race condition & onunload event mis-firing).
- Download dialog source spoofing (SA13599).
- Image drag and drop allows to create executable files.
- When dropping a javascript link to a tab, the script runs in the security context of the site currently displayed in the tab.
- “New Updates Avail” popup in bottom right-hand corner pops up endlessly / excessive hits on update service.
- Using Flash and the -moz-opacity filter you can get access to about:config and make the user silently change values.
- Display IDN URLs as punycode by default (controlled by a hidden pref).
- Notable bug fixes
- Unattended install asks for installation folder.
- Uninstalling deleted non-Firefox folders (after installing to
C:\Program Files\). - Caret overlaps the last character in textfield (if positioned after the last char).
- Decouple services on update.mozilla.org.
- “New Updates Avail” popup in bottom right-hand corner pops up endlessly / excessive hits on update service.
- Form element cannot get focus when loaded by XML/XSLT page.
- FIPS can’t be enabled.
- Regression: network.standard-url.encode.utf8 and network.enableIDN prefs are ignored.
- [Mac] Firefox disk image should use .dmg internal zlib-compression, not .dmg.gz.
- [Linux] Crash while loading page with MS .fon font.