Release Notes | Fixed Security Issues | FTP
Bugs fixed for Firefox 2.0.0.2: ~159 in total (~21 crashers, 2 memory leaks and 4 privacy-related bugs.)
General Landings
216751 [Core:Preferences: Backend]-general.config.filename set in user’s prefs.js overrides setting in all.js [All]
253125 [Core:XPCOM]-cleanup gratuitous use of NS_ERROR_FACTORY_REGISTER_AGAIN [All]
58543 [Firefox:Password Manager]-Disabling form autocomplete prevents selecting from multiple saved logins [All]
286933 [Toolkit:Autocomplete]-Enter that selects autocomplete entry should be hidden from page scripts [All]
296394 [Firefox:Startup and Profile System]-Firefox should not complain about -console command line argument [Win]
298960 [Firefox:Startup and Profile System]–remote can no longer handle commas or quotes [All]
314980 [Core:HTML: Parser]-DOM element.getAttribute() method error (CAttributeToken::SanitizeKey()) [All]
315473 [Core:Parser]-Replace NUL characters in bad places with a character that is less confusing. [All]
326864 [Core:XUL]-Fix crash in XULPopupListenerImpl::PreLaunchPopup() [All]
330256 [Core:Java to XPCOM Bridge]-Namespace/package for interfaces? [All]
339933 [Firefox:Build Config]-Cannot package static build using make 3.81 [Lin]
340895 [Firefox:Session Restore]-Move SessionStore preferences to firefox.js [All]
341872 [Firefox:Download Manager]-Download manager leaks helperApps [All]
345277 [Core:Security: PSM]-When “Certificate Viewer” is shut, the object leaks [All]
346787 [Toolkit:XUL Widgets]-add textbox binding with support for spellcheck [All]
347230 [Firefox:File Handling]-Minimal “Save”-only dialog shown for files with discoverable types (known file extensions) [All]
347852 [Core:Network]-Make sure to not use the same disk cache data block for different URIs. [All]
351798 [Core:SVG]-Path mouseover fires outside svg [Win]
351950 [Core:XPCOM]-nsLocalFileUnix has “access”(system call) problem on Solaris [Sol]
353089 [Firefox:OS Integration]-Fix / remove ddeexec hack [Win]
354199 [Firefox:Phishing Protection]-firefox fetches a key from sb.google.com in local list mode [All]
354634 [Firefox:General]-Failed to load XPCOM component: globalstore.js [Mac]
355071 [Firefox:OS Integration]-Flash stops keyboard input in other FF windows (TSM doc problem) [Mac]
356493 [Core:SVG]-”svg:textpath” ignores presence of “svg:transform” attribute [Lin]
357736 [Core:Plug-ins]-Firefox 2 and Flash: regression with caret animation in text fields [Win]
358415 [Core:Editor]-Crash [@ nsHTMLCSSUtils::GetCSSInlinePropertyBase] when inputing title of new blog entry on blogger.com before page is entirely loaded up [Win]
359012 [Firefox:General]-Wrong host added to whitelist when xpi linked to in a frame on a different server [Win]
359107 [Firefox:Preferences]-suspected forgery Google TOS refusal renders other choices un-reachable (can’t change anti-phishing providers without agreeing to a EULA) [All]
359393 [Core:Event Handling]-Wrong target reported for the scroll event [Win]
359880 [Firefox:Search]-Add param “aq=t” to the Google search engine spec [All]
360511 [Core:Embedding: Docshell]-[FIX]Going back to page with URL hash (#foo) doesn’t show hash part [All]
360526 [Core:Security: PSM]-Cert not imported - Feedback prompt sometimes does not work [All]
360528 [Core:Security: PSM]-Can no longer import trusted email cert [All]
360572 [Firefox:Search]-deleting a previous search entry does not work if a search suggestion is shown [All]
360645 [Core:Cairo]-clamp the number of vertices for a pen to reasonable value [All]
361030 [Firefox:Bookmarks]-Bookmarks refresh problem due to JS error code [All]
361298 [Core:Widget]-Don’t allow overlarge custom cursors [All]
362547 [Core:XML]-Crash in SAXReader with doctype missing public, system ID’s [Mac]
362627 [Firefox:Toolbars]-Keyboard shortcuts to close Mac toolbar customization sheet don’t work [Mac]
362701 [Core:MathML]-[FIX] does not respect floats [All]
362716 [Core:XBL]-[FIX]crash in [@ nsXBLPrototypeHandler::AppendHandlerText] [All]
362788 [Firefox:Phishing Protection]-New Firefox versions result in a new pref entry for rc4 key [All]
362837 [Core:Security]-[FIX]Different-domain subframe can’t document.write/document.open to itself (DHTML Menu does not display when using masked domains) [All]
362868 [Core:GFX]-Branch builds on modern linux will use system cairo unintentionally [Lin]
363070 [Core:Build Config]-Upgrade NSS on trunk and branches [All]
363791 [Core:XP Toolkit/Widgets: Trees]-Crash [@ nsTreeBodyFrame::PrefillPropertyArray] involving removal of [All]
363849 [Core:Disability Access APIs]-Stack overflow in nsHTMLComboboxAccessible::GetDescription() [All]
363960 [Core:Editor]-Crash when clicking on the image inside a designMode-enabled IFRAME [@ nsHTMLEditor::SetShadowPosition] [All]
364037 [Core:XSLT]-xsl:copy-of a xsl:variable which contains a node crashes mozilla [All]
364158 [Core:Plug-ins]-New version of JEP (0.9.6), please land on trunk and branches [Mac]
364297 [Firefox:Build Config]-Change default home page search and default search engine for Fx 2.0 series [All]
364412 [Firefox:Software Update]-Crash when updating in nsIncrementalDownload::OnStartRequest, attempting to allocate a huge amount of memory (was “[Mac] Crash when updating from FF 2->2.0.0.1″) [All]
364474 [Core:XPConnect]-Exception… “Could not convert Native argument” when referencing embed element that has Zylom plugin loaded [Win]
364518 [Core:Widget: Win32]-mouse scroll wheel stopped working since Fx 2.0.0.1 [Win]
364599 [Mozilla Localizations:de-AT / German-Austria]-Some new created profile files are write protected, for example bookmarks.html and localstore.rdf [All]
364972 [Firefox:Session Restore]-[SessionStore] allow SessionStore to work without writing data to disk [All]
365005 [Other Applications:Reporter]-Infamous red XUL error for menu_HelpPopup_reportertoolmenu when using differently localized builds [Win]
365234 [Core:XP Toolkit/Widgets: XUL]-Scrolled items in listbox are invisible (Firefox profile manager doesn’t show 6+ profiles correctly) [All]
365394 [Firefox:Tabbed Browser]-Address bar no longer focused when closing the last tab [All]
366082 [Core:Plug-ins]-Possible Remote Code Execution from adobe reader (mem corruption) [Win]
366084 [Firefox:Keyboard Navigation]-Numeric accesskeys still conflicting with tab switching [Lin]
366112 [Core:XBL]-[FIX]Crash with naked [@ nsNativeScrollbarFrame::Hookup] [@ nsIFrame::GetContent] [Mac]
366113 [Core:Build Config]-mozilla-plugin.pc should not depend on mozilla-xpcom.pc [Lin]
366191 [Firefox:Extension/Theme Manager]-Something tries to MITM Firefox’s automatic connection to addons.mozilla.org, resulting in an annoying expired-certificate dialog [Win]
366302 [Firefox:Session Restore]-[SessionStore] only one text element/text area is saved [All]
366410 [Core:Widget: Gtk]-ff/tb crashes when gtk settings are changed [@nsLookAndFeel::InitColors()] [Lin]
366617 [Core:Java to XPCOM Bridge]-Crash when running JavaXPCOM in IBM JVM [All]
367084 [Firefox:Software Update]-updater will fail to apply any complete updates if *any* files are “read only” [Win]
367203 [Core:Widget: Gtk]-gtk2 dnd implementation broken [Lin]
368661 [Firefox:Installer]-on install, remove the updates directory, updates.xml and the active-update.xml file [Win]
368714 [Core:XPConnect]-[FIX]Sandbox evaluation should handle branch callbacks [All]
369102 [Firefox:Installer]-semi-support installing 1.5.0.x back over 2.0.0.x (after a major update), and 2.0.x back over 3.0.x [Win]
369151 [Firefox:Session Restore]-Restored blank tabs can’t be reopened once they’re closed [All]
369410 [Core:Java to XPCOM Bridge]-Provide API for wrapping XPCOM and Java objects [All]
369427 [Firefox:Security]-Showing a blocked pop-up bypasses CheckLoadURI (can load file: URLs) [All]
369428 [Core:File Handling]-nsExternalAppHandler::SetUpTempFile uses a poor source of randomness, resulting in predictable filenames [All]
369451 [Firefox:OS Integration]-When setting default browser first clean up HKCU keys [Win]
369520 [Firefox:General]-Bon Echo nighty will not run on win9x [Win]
369552 [Firefox:Installer]-Uninstall reg key not removed on uninstall [Win]
370053 [Firefox:OS Integration]-Clicking a URL shortcut icon opens two instances of Firefox [Win]
370123 [Firefox:OS Integration]-Crash while starting Firefox with a Web-Shortcut and enabled Profile Manager [Win]
370126 [Firefox:Installer]-Wrong value written to EditFlags by NSIS installer? [Win]
370445 [Core:Networking]-Zalewski cookie setting / same-domain bypass vulnerability [All]
371321 [Core:Security]-memory corruption when onUnload is mixed with document.write()s [All]
DOM Landings
337716 [Core:DOM]-Swap two calls to avoid using a potentially dangling obj pointer [All]
353021 [Core:DOM]-crashes [@ PL_DHashTableOperate] removing from nsDOMClassInfo’s sExternallyReferencedTable [All]
361781 [Core:DOM: Mozilla Extensions]-nsIDomInternalWindow::GetAttention on GTK2 steals focus when the app has focus, blinks otherwise [Lin]
362446 [Core:DOM: Mozilla Extensions]-webapps storage should have size limits on the storage allowed per site [Lin]
364309 [Core:DOM]-Fix for bug 343168 has different behavior on different branches. [Lin]
364692 [Core:DOM]-[Fx 2.0.0.1/1.5.0.9 regression] Can’t view talkbacks on ynet.co.il [All]
364718 [Core:DOM: Events]-Crash [@ nsXULElement::HandleDOMEvent] [All]
368655 [Core:DOM]-Check with CAPS before executing in a sandbox [All]
368958 [Core:DOM]-Cross-window/openDialog object reference handling broken in post 2006-11-09 builds [Lin]
369157 [Core:DOM: Events]-[FIX]Clicking install themes button will toggle between save to disk and software installation window [All]
369413 [Core:DOM]-Check Lengths [All]
Layout Landings
332922 [Core:Layout]-better way of dealing with computed padding and margin [All]
337124 [Core:Layout: Tables]-Crash [@ nsTableRowGroupFrame::GetNumLines] with table-row-group/table-column-group [@ nsTableRowGroupFrame::IncrementalReflow] [Win]
343293 [Core:Layout]-Make ReconstructDocElementHierarchy work correctly even if we first blew away a pseudo which had the root as its content. [All]
344228 [Core:Layout]-Be careful with nsIScrollbarMediator references [All]
359371 [Core:Layout]-Handle reflows where we switch from constrained height to unconstrained, without losing frames [All]
362708 [Core:Layout]-Fix a Print Preview crash [All]
362724 [Core:Layout]-report frames currently on the overflow list as frames on a additional childlist to get their views reparented if a frame higher in the tree needs to reparent the views [All]
363235 [Core:Layout]-[FIX]Regression with display of image placeholders when an invalid protocol is used [All]
363813 [Core:Layout]-Don’t assume that just because the first frame in the overflow list has the right parent, all the frames in the list do. [All]
367243 [Core:Layout]-Don’t calculate stuff with dirty lists. [All]
367504 [Core:Layout]-Hang with -moz-inline-block, float (”yikes! spinning on a line over 1000 times!”) [All]
367906 [Core:Layout: Block and Inline]-[FIX]counter of CSS is broken [All]
JavaScript Engine Landings
313967 [Core:JavaScript Engine]-Performance issue when loading a very large script! [All]
347155 [Core:JavaScript Engine]-Crash due to too much recursion [@ js_FoldConstants] with deeply nested e4x literal [All]
351739 [Core:JavaScript Engine]-Memory leak in |JS_dtobasestr| (jsdtoa.c) [All]
354297 [Core:JavaScript Engine]-GC_MARK_DEBUG: getter/setter can be on index [All]
355497 [Core:JavaScript Engine]-Stack overflow with Array.slice, getter for “0″ [All]
362110 [Core:JavaScript Engine]-jsscope property sweeping still calls malloc in some cases [All]
363917 [Core:JavaScript Engine]-js_GC fails to clear cx->lastInternalResult root [All]
363988 [Core:JavaScript Engine]-huge javascript crashes firefox [@ JS_GetPrivate()] [All]
364017 [Core:JavaScript Engine]-Assertion failure: map->vector && i length, at jsatom.c:919 [Lin]
364104 [Core:JavaScript Engine]-Array.indexOf endless loop [All]
364264 [Core:JavaScript Engine]-Assertion failure: pcdepth >= 0, at jsopcode.c:4737 - failure to handle JSOP_TRAP in js_DecompileValueGenerator [Win]
364350 [Core:JavaScript Engine]-free unitialized memory from js_DestroyRegExp in OOM conditions [Win]
364836 [Core:JavaScript Engine]-Assert fail in JS_ArenaRealloc (alignment issues) [All]
365851 [Core:JavaScript Engine]-get/set/call optimizations [All]
366292 [Core:JavaScript Engine]-__defineSetter__(”x”, …) changes x’s value to the string “__lookupSetter__” [All]
366396 [Core:JavaScript Engine]-”Assertion failure: !SPROP_HAS_STUB_GETTER(sprop)” with setter and %= [All]
366398 [Core:JavaScript Engine]-On Darwin, Makefile.ref using libtool incorrectly builds libjs.so as a static library [Mac]
366468 [Core:JavaScript Engine]-Trying to set a value on a property without a setter crashes (Assertion failure: !SPROP_HAS_STUB_SETTER(sprop), at m:/trunk/mozilla/js/src/jsobj.c:3697) [All]
366606 [Core:JavaScript Engine]-JS Assertion with Firebug 0.4.1 on branch build [All]
366869 [Core:JavaScript Engine]-js_ThreadDestructorCB calls JS_REMOVE_AND_INIT_LINK incorrectly, resulting in an infinite loop [All]
367589 [Core:JavaScript Engine]-”Assertion failure: !SPROP_HAS_STUB_SETTER(sprop) || (sprop->attrs & JSPROP_GETTER)” [All]
RSS Feed Landings
266904 [Firefox:RSS Discovery and Preview]-Discovered feeds aren’t cleared on loads in background tabs (refresh or drag and drop) [All]
340554 [Firefox:RSS Discovery and Preview]-Provide sanitized HTML content [All]
350273 [Firefox:RSS Discovery and Preview]-registerContentHandler should throw an exception for malformed URIs [All]
365570 [Firefox:RSS Discovery and Preview]-FeedWriter doesn’t work with handlers with chrome:// URI (throws exception when downloading favicon) [All]
357539 [Firefox:RSS Discovery and Preview]-Feed parser does not recognize lastBuildDate field [All]
361448 [Firefox:RSS Discovery and Preview]-Feed processor logs an exception when it hits an unknown element in atom:author [All]
363318 [Firefox:RSS Discovery and Preview]-loading a simple feed in Firefox feedreader is extremely slow compared to loading the same feed as live bookmark [All]
Vista-related Landings
333491 [Firefox:Installer]-FF installer icon looks bad on Windows Vista [Win]
336469 [Firefox:Installer]-use new APIs in Vista to register file and protocol handlers (installer) [Win]
351949 [Firefox:Software Update]-Automatic Update is not working for Vista users with limited account privilege and UAC (User Account Control) enabled [Win]
352424 [Firefox:General]-Use the Vista Default Application API [Win]
353944 [Firefox:Installer]-Add default values for file handlers if they don’t have a default value [Win]
354005 [Firefox:OS Integration]-Setting the app as the OS default is broken on Vista [Win]
354226 [Firefox:Software Update]-nsPostUpdateWin.js fails to update registry keys / log files after an update has been applied. [Win]
355650 [Firefox:OS Integration]-Resetting IE as the default browser after setting Firefox as the default browser breaks opening urls without IE running [Win]
364483 [Firefox:Software Update]-Firefox stays elevated after update [Win]
367540 [Toolkit:NSIS Installer]-When launching the app from the installer the app runs with elevated privileges [Win]
369048 [Firefox:Installer]-The installer should take over system wide defaults on install if the existing system wide default is for a firefox.exe [Win]
369125 [Firefox:Software Update]-updater.exe doesn’t have a good description (”updater”) [Win]
369314 [Firefox:Installer]-Trunk install takes over as default browser from a release build [Win]
