What's new in Firefox 1.0.4
Last updated May 12, 2005.
Most of the changes in Firefox 1.0.4 were security fixes.
Security hole fixes
- Sites whitelisted for extension installation can execute arbitrary
code by abusing a security hole in the extension-installation dialog.
Regression in Firefox 1.0.3. Firefox only (not in Mozilla suite).
- 290949 - <link> tag still allows to execute arbitrary code without user interaction (variant of 290036, which was fixed in Firefox 1.0.3).
- 290908 - (Security hole involving new Script(). Regression in Firefox 1.0.3.)
- 290982 - (Security hole involving jar:, view-source: protocols)
- 293671 - (Security hole involving nested jar:, view-source: protocols)
All other fixes in Firefox 1.0.4