This is a tracker bug for all mozilla-firefox 1.0.3 fixes: MFSA 2005-33 Javascript "lambda" replace exposes memory contents https://bugzilla.mozilla.org/show_bug.cgi?id=288688 / CAN-2005-0989 MFSA 2005-34 javascript: PLUGINSPAGE code execution https://bugzilla.mozilla.org/show_bug.cgi?id=288556 https://bugzilla.mozilla.org/show_bug.cgi?id=289171 MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context https://bugzilla.mozilla.org/show_bug.cgi?id=289204 MFSA 2005-36 Cross-site scripting through global scope pollution (details withheld) https://bugzilla.mozilla.org/show_bug.cgi?id=289675 MFSA 2005-37 Code execution through javascript: favicons (firelinking) https://bugzilla.mozilla.org/show_bug.cgi?id=290036 MFSA 2005-38 Search plugin cross-site scripting (firesearching) https://bugzilla.mozilla.org/show_bug.cgi?id=290037 MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II https://bugzilla.mozilla.org/show_bug.cgi?id=290079 MFSA 2005-40 Missing Install object instance checks https://bugzilla.mozilla.org/show_bug.cgi?id=290162 MFSA 2005-41 Privilege escalation via DOM property overrides (details withheld) https://bugzilla.mozilla.org/show_bug.cgi?id=289074 https://bugzilla.mozilla.org/show_bug.cgi?id=289083 https://bugzilla.mozilla.org/show_bug.cgi?id=289961 Mozilla team, please bump
Bumped on x86. Arch maintainers please follow suit!
Stable on ppc.
stable on amd64
Stable on hppa.
Stable on SPARC.
Stable on alpha.
Stable on ia64.
GLSA 200504-18 arm should mark stable to benefit from GLSA