Security Advisories for Firefox 1.0

Firefox 1.0 is unsupported. Please upgrade to the latest version.

Impact key

• Critical Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
• High Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
• Moderate Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
• Low Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

# Fixed in Firefox 1.0.8

• 2006-27 Table Rebuilding Code Execution Vulnerability
• 2006-25 Privilege escalation through Print Preview
• 2006-24 Privilege escalation using crypto.generateCRMFRequest
• 2006-23 File stealing by changing input type
• 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
• 2006-19 Cross-site scripting using .valueOf.call()
• 2006-18 Mozilla Firefox Tag Order Vulnerability
• 2006-17 cross-site scripting through window.controllers
• 2006-16 Accessing XBL compilation scope via valueOf.call()
• 2006-15 Privilege escalation using a JavaScript function's cloned parent
• 2006-14 Privilege escalation via XBL.method.eval
• 2006-13 Downloading executables with "Save Image As..."
• 2006-12 Secure-site spoof (requires security warning dialog)
• 2006-11 Crashes with evidence of memory corruption (rv:1.8)
• 2006-10 JavaScript garbage-collection hazard audit
• 2006-09 Cross-site JavaScript injection using event handlers
• 2006-05 Localstore.rdf XML injection through XULDocument.persist()
• 2006-03 Long document title causes startup denial of service
• 2006-01 JavaScript garbage-collection hazards

# Fixed in Firefox 1.0.7

• 2005-59 Command-line handling on Linux allows shell execution
• 2005-58 Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes
• 2005-57 IDN heap overrun using soft-hyphens

# Fixed in Firefox 1.0.5

• 2005-56 Code execution through shared function objects
• 2005-55 XHTML node spoofing
• 2005-54 Javascript prompt origin spoofing
• 2005-53 Standalone applications can run arbitrary code through the browser
• 2005-52 Same origin violation: frame calling top.focus()
• 2005-51 The return of frame-injection spoofing
• 2005-50 Exploitable crash in InstallVersion.compareTo
• 2005-49 Script injection from Firefox sidebar panel using data:
• 2005-48 Same-origin violation with InstallTrigger callback
• 2005-47 Code execution via "Set as Wallpaper"
• 2005-46 XBL scripts ran even when Javascript disabled
• 2005-45 Content-generated event vulnerabilities

# Fixed in Firefox 1.0.4

• 2005-44 Privilege escalation via non-DOM property overrides
• 2005-43 "Wrapped" javascript: urls bypass security checks
• 2005-42 Code execution via javascript: IconURL

# Fixed in Firefox 1.0.3

• 2005-41 Privilege escalation via DOM property overrides
• 2005-40 Missing Install object instance checks
• 2005-39 Arbitrary code execution from Firefox sidebar panel II
• 2005-38 Search plugin cross-site scripting
• 2005-37 Code execution through javascript: favicons
• 2005-36 Cross-site Scripting through global scope pollution
• 2005-35 Showing blocked javascript: popup uses wrong privilege context
• 2005-34 PLUGINSPAGE privileged javascript execution
• 2005-33 Javascript "lambda" replace exposes memory contents

# Fixed in Firefox 1.0.2

• 2005-32 Drag and drop loading of privileged XUL
• 2005-31 Arbitrary code execution from Firefox sidebar panel
• 2005-30 GIF heap overflow parsing Netscape extension 2

# Fixed in Firefox 1.0.1

• 2005-29 Internationalized Domain Name (IDN) homograph spoofing
• 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
• 2005-27 Plugins can be used to load privileged content
• 2005-26 Cross-site scripting by dropping javascript: link on tab
• 2005-25 Image drag and drop executable spoofing
• 2005-24 HTTP auth prompt tab spoofing
• 2005-23 Download dialog source spoofing
• 2005-22 Download dialog spoofing using Content-Disposition header
• 2005-21 Overwrite arbitrary files downloading .lnk twice
• 2005-20 XSLT can include stylesheets from arbitrary hosts
• 2005-19 Autocomplete data leak
• 2005-18 Memory overwrite in string library
• 2005-17 Install source spoofing with user:pass@host
• 2005-16 Spoofing download and security dialogs with overlapping windows
• 2005-15 Heap overflow possible in UTF8 to Unicode conversion
• 2005-14 SSL "secure site" indicator spoofing
• 2005-13 Window Injection Spoofing

# Fixed in Firefox 1

• 2005-12 javascript: Livefeed bookmarks can steal cookies
• 2005-09 Browser responds to proxy auth request from non-proxy server (ssl/https)
• 2005-08 Synthetic middle-click event can steal clipboard contents
• 2005-07 Script-generated event can download without prompting
• 2005-05 Input stealing from other tabs
• 2005-04 Secure site lock can be spoofed with view-source:
• 2005-03 Secure site lock can be spoofed with a binary download
• 2005-02 Opened attachments are temporarily saved world-readable
• 2005-01 Link opened in new tab can load a local file