The following vulnerabilities were found and fixed in the Mozilla Suite:

• "moz_bug_r_a4" and "shutdown" discovered that the Mozilla Suite was improperly cloning base objects (MFSA 2005-56).
• "moz_bug_r_a4" reported that the suite failed to validate XHTML DOM nodes properly (MFSA 2005-55).
• Secunia reported that alerts and prompts scripts are presented with the generic title [JavaScript Application] which could lead to tricking a user (MFSA 2005-54).
• Andreas Sandblad of Secunia reported that top.focus() can be called in the context of a child frame even if the framing page comes from a different origin and has overridden the focus() routine (MFSA 2005-52).
• Secunia reported that a frame-injection spoofing bug which was fixed in earlier versions, was accidently bypassed in Mozilla Suite 1.7.7 (MFSA 2005-51).
• "shutdown" reported that InstallVersion.compareTo() might be exploitable. When it gets an object rather than a string, the browser would generally crash with an access violation (MFSA 2005-50).
• Matthew Mastracci reported that by forcing a page navigation immediately after calling the install method can end up running in the context of the new page selected by the attacker (MFSA 2005-48).
• "moz_bug_r_a4" reported that XBL scripts run even when Javascript is disabled (MFSA 2005-46).
• Omar Khan, Jochen, "shutdown" and Matthew Mastracci reported that the Mozilla Suite incorrectly distinguished between true events like mouse clicks or keystrokes and synthetic events generated by a web content (MFSA 2005-45).