a. The com_search XSS patch files. This originally came from a German forum so use at your own risk. This vulnerability was discovered in January 2011, after the "end of life" of Joomla 1.0.x which means that this patch is not "official"
b. A few files that you'll need to update for running Joomla 1.0.x on PHP 5.3.x - these are the only files I needed to replace because I do not use the core SEF functions in Joomla, I use sh404sef instead. If you are using Joomla 1.0 with its core SEF funtions, there are more files you'll need to update, I'd start your process with reading this article:
These files and information are provided without guarantee and you should proceed at your own risk. Be sure to backup first...