Release Notes | Fixed Security Issues | FTP
Java(TM) SE Runtime Environment 6 Update 5 has been released, which may fix some crashes.
Bugs fixed for Firefox 2.0.0.13: ~43 in total (~6 crashers, ~12 regressions and ~1 privacy-related bugs)
General
295922 [Core:Security: UI]-Client Auth “select cert automatically” is considered a privacy issue [Win]
#332807 [Core:Layout]-Don’t press on if the content flush called Destroy() [All]
336303 [Core:Security]-[FIX]nsPrincipal::GetOrigin should dig into nested URIs [Lin]
345529 [Core:Preferences: Backend]-crash removing an observer during an nsPref:changed notification [@ pref_DoCallback] (node is 0xdddddddd) [All]
384871 [Core:Layout]-[1.8 branch] Crash [@ DocumentViewerImpl::Destroy] with popup as root element, setting autoPosition and reloading [Win]
386376 [Core:Networking: HTTP]-Impossible to implement a content sniffer in JS due to recursive GetService calls (nsIContentSniffer, JavaScript) [All]
387084 [Firefox:Page Info]-”View Page Info” is broken [Win]
387390 [Core:Security]-The fix for bug 384750 can be circumvented [All]
390813 [Core:XP Toolkit/Widgets: XUL]-Overlay scripts compiled using principal of first document sourcing overlay [All]
393432 [Core:HTML: Parser]-Firefox crashes sometimes if you click the back button on www.userfriendly.org [@ DummyParserRequest::Cancel 334d84da] [Win]
399286 [Core:GFX: Mac]-port fix for mac large image crasher to 1.8 branch [Mac]
399589 [Core:Security: PSM]-PSM + tip of NSS, error ‘SECAlgorithmIDTemplate’ not declared [Lin]
405783 [Core:Event Handling]-Midas crashes [@ GetNearestCapturingView] when iframe style is changed during editing [All]
406686 [Core:General]-I can still steal your bank login (spoofing using , take 2) [Lin]
409796 [Core:File Handling]-No pictures shown in saved file (file name and folder name, containing that file, is in cyrillic) [All]
411092 [Core:XPConnect]-XPCNativeWrapper pollution using setTimeout() [All]
411093 [Core:XPConnect]-XPCNativeWrapper pollution using Function constructor [All]
415034 [Core:Networking: HTTP]-Referer spoofing by including ‘@’ in URL [All]
415700 [Firefox:Search]-Search engine aliases can “take over” the location bar [All]
415827 [Core:Layout]-Crash when zooming [Win]
416202 [Core:Security: PSM]-1.8 branch only: Upgrade to NSS_3_11_5_WITH_CKBI_1_65_RTM [All]
416463 [Core:XPCOM]-Mozilla 1.8 fails to compile with gcc 4.3 [Lin]
416896 [Core:Style System (CSS)]-[FIX]2.0.0.12 causes elements not to be recognised when inspected in firebug [Win]
417086 [Firefox:General]-Use of colon (:) in hash/anchor part of chrome URL when using window.open results in an error. [Win]
417421 [Firefox:Toolbars]-Loss of back forward buttons when switching between 1.8 and 1.9 [All]
417605 [Core:XPCOM]-Change BeOS to invoke improved code [BeO]
417780 [Firefox:File Handling]-content-disposition with filename containing “./” attempts to create temporary file called “/tmp” [Lin]
#419718 [Core:Canvas]-Extend canvas checks [All]
DOM
384750 [Core:DOM]-Arbitrary code execution by polluting implicit XPCNativeWrapper (without using eval) [All]
390261 [Core:DOM: Core]-document.adoptNode() throws NOT_IMPLEMENTED in Gecko 1.8 [All]
403168 [Core:DOM]-XSS by using XMLHttpRequest and event handler [Win]
409349 [Core:DOM: Mozilla Extensions]-Can get globalStorage objects for partial IP addresses [All]
417617 [Core:DOM]-DOMParser.parseFromString in Greasemonkey script causes “ASSERTION: Should have inner window here!” [All]
JavaScript Engine
353962 [Core:JavaScript Engine]-Firefox 2.0 often hangs in Intel Mac OS X 10.4.7 [Mac]
382509 [Core:JavaScript Engine]-Disallow indirect eval [All]
411025 [Core:JavaScript Engine]-GC hazard in JS_CompileUCFunctionForPrincipals [All]
412926 [Core:JavaScript Engine]-JS_ValueToId(cx, JSVAL_NULL) should return atom for ‘null’ string [All]
414755 [Core:JavaScript Engine]-Missing SAVE_SP_AND_PC in STORE_(NUMBER|INT|UINT) [All]
415030 [Core:JavaScript Engine]-Security check in js_ValueToFunctionObject uses the wrong principal [All]
416354 [Core:JavaScript Engine]-Missing SAVE_SP_AND_PC in JSOP_NEG [All]
416628 [Core:JavaScript Engine]-O(n^2) blowup due to overlong cx->tempPool arena list [All]
416705 [Core:JavaScript Engine]-throw from xml filter leaves pending block objects unput [Lin]
417377 [Core:JavaScript Engine]-Missed SAVE_SP_AND_PC in JSOP_YIELD [All]
