Mozilla Firefox 1.0.1 released (Security hole and bug fixes)
Most of the changes in Firefox 1.0.1 were security fixes and stability fixes.
Security hole fixes
22183 - Display hostname in title bar when address bar is hidden, to reduce the impact of the fact that web sites are allowed to spoof address bars.
260560 - Security and download dialogs can be spoofed by covering them partially using popup windows.
262887 - Secunia background tab security issues (SA12712).
273699 - 2 Frame Injection Vulnerabilities (popup blocking race condition & onunload event mis-firing).
275417 - Download dialog source spoofing (SA13599).
279945 - Image drag and drop allows to create executable files.
280056 - When dropping a javascript link to a tab, the script runs in the security context of the site currently displayed in the tab.
280603 - "New Updates Avail" popup in bottom right-hand corner pops up endlessly / excessive hits on update service.
280664 - Using Flash and the -moz-opacity filter you can get access to about:config and make the user silently change values.
282270 - Display IDN URLs as punycode by default (controlled by a hidden pref).
Notable bug fixes
229706 - Unattended install asks for installation folder.
233625 - Uninstalling deleted non-Firefox folders (after installing to C:\Program Files\).
98564 - Caret overlaps the last character in textfield (if positioned after the last char).
271473 - Decouple services on update.mozilla.org.
280603 - "New Updates Avail" popup in bottom right-hand corner pops up endlessly / excessive hits on update service.
236596 - Form element cannot get focus when loaded by XML/XSLT page.
262822 - FIPS can't be enabled.
261934 - Regression: network.standard-url.encode.utf8 and network.enableIDN prefs are ignored.
242845 - [Mac] Firefox disk image should use .dmg internal zlib-compression, not .dmg.gz.
180309 - [Linux] Crash while loading page with MS .fon font.
http://www.squarefree.com/burningedge/releases/1.0.1.html
Download Mozilla Firefox 1.0.1 to take advantage of security fixes.