The following vulnerabilities were found and fixed in Mozilla Firefox:

• "moz_bug_r_a4" and "shutdown" discovered that Firefox was improperly cloning base objects (MFSA 2005-56).
• Michael Krax reported that Firefox was not correctly handling JavaScript URLs from external applications (MFSA 2005-53), and that the "Set as wallpaper" function in versions 1.0.3 and 1.0.4 could be abused to load JavaScript (MFSA 2005-47).
• Several researchers reported ways to trick Firefox into accepting events generated by web content (MFSA 2005-45).
• Kohei Yoshino discovered a new way to inject script from the sidebar panel using data: (MFSA 2005-49).
• "moz_bug_r_a4" reported that Firefox failed to validate XHTML DOM nodes properly (MFSA 2005-55), and that XBL scripts ran even when Javascript is disabled (MFSA 2005-46).
• "shutdown" discovered a possibly exploitable crash in InstallVersion.compareTo (MFSA 2005-50).
• Finally, Secunia discovered that a child frame can call top.focus() even if the framing page comes from a different origin and has overridden the focus() routine (MFSA 2005-52), and that the frame injection spoofing bug fixed in 1.0.2 was mistakenly reintroduced in 1.0.3 and 1.0.4 (MFSA 2005-51).