Security hole fixes:

22183 - Display hostname in title bar when address bar is hidden, to reduce the impact of the fact that web sites are allowed to spoof address bars.

260560 - Security and download dialogs can be spoofed by covering them partially using popup windows.

262887 - Secunia background tab security issues (SA12712).

273699 - 2 Frame Injection Vulnerabilities (popup blocking race condition & onunload event mis-firing).

275417 - Download dialog source spoofing (SA13599).

279945 - Image drag and drop allows to create executable files.

280056 - When dropping a javascript link to a tab, the script runs in the security context of the site currently displayed in the tab.

280603 - "New Updates Avail" popup in bottom right-hand corner pops up endlessly / excessive hits on update service.

280664 - Using Flash and the -moz-opacity filter you can get access to about:config and make the user silently change values.

282270 - Display IDN URLs as punycode by default (controlled by a hidden pref).