Mozilla features fully standards-compliant support, including HTML 4.0, XML, CSS, and DOM, and is small, fast, and modular. Since its inception, Mozilla has been developed as open source, meaning that the source code is publicly available. Mozilla's interface employs the standard browsing paradigm with back, forward, and refresh buttons. It is skinnable, meaning you can download new looks for it. It can disable unrequested pop-up windows on Web sites. Mozilla also lets you open multiple browser windows and display multiple Web pages in a single tabbed window at the same time. New features in version 1.7 include a new cross-platform NTLM authentication module, security improvements, and crash fixes.
- The "send page" function can overrun the heap on very long links. Combined with compelling content that people will want to forward to all their friends and the right link, this could be used to execute arbitrary code.
- A stack buffer overrun in VCard display routines could be exploited to run arbitrary code supplied by the attacker. Workaround: disable in-line display of attachments and don't open VCard attachments.
- Responses from a malicious POP3 mail server can trigger heap overruns that can be exploited to run arbitrary code.
News source: mozilla.org