I was just looking at the known vulnerabilities page[1] to see what it had on it.... And the only thing it has is the XMLHttpRequest vulnerability that was such a big deal this past spring. At the time, there were promises made to actually update this page with security vulnerabilities when those became known and whatnot....
Now I know for a fact that there have been security vulnerabilities identified and fixes since then. Some of these have been publicly reported on BugTraq and the like. So my question is, "Why are these security vulnerabilities not listed on the security vulnerabilities page?" I feel that we are doing a grave disservice to our users, who may want to know if there is a security vulnerability in 1.1a, say, that is fixed in 1.1b..... [1] http://www.mozilla.org/projects/security/known-vulnerabilities.html