Fix Firebird bugs

217195 (patch by Jesse Ruderman) - security hole in markLinkVisited (exploited with link.href usage) 219875 (patch by Mike Connor) - localize strings for provisional security UI in Advanced Options panel
2003-09-23 19:34:25 +00:00 · 2003-09-23 19:34:25 +00:00 · b6cc06fec0
--- a/browser/base/content/contentAreaUtils.js
+++ b/browser/base/content/contentAreaUtils.js
@ -105,10 +105,18 @@ function markLinkVisited(href, linkNode)
                               .getService(Components.interfaces.nsIGlobalHistory);
   if (!globalHistory.isVisited(href)) {
     globalHistory.addPage(href);
-     var oldHref = linkNode.href;
-     linkNode.href = "";
-     linkNode.href = oldHref;
-   }    
+     var oldHref = linkNode.getAttribute("href");
+     if (typeof oldHref == "string") {
+       // Use setAttribute instead of direct assignment.
+       // (bug 217195, bug 187195)
+       linkNode.setAttribute("href", "");
+       linkNode.setAttribute("href", oldHref);
+     }
+     else {
+       // Converting to string implicitly would be a 
+       // minor security hole (similar to bug 202994).
+     }
+   }
 }

 function urlSecurityCheck(url, doc) 
--- a/browser/components/prefwindow/content/pref-advanced.xul
+++ b/browser/components/prefwindow/content/pref-advanced.xul
@ -185,9 +185,7 @@
    
 #ifdef PROVISIONAL_SECURITY_UI
    <expander id="certs" label="&certs.label;" open="false" persist="open" clearhidden="true">      
-      <description>This section is PROVISIONAL and will change or disappear in future releases!
-                   It exists here now only to provide this functionality where no other access point
-                   is available.</description>
+      <description>&securityUIDisclaimer.label;</description>
      <groupbox align="start">
        <caption label="&SSLClientAuthMethod;"/>
        <description>&certselect.description;</description>
@ -227,9 +225,7 @@
    </expander>
    
    <expander id="validation" label="&validation.label;" open="false" persist="open" clearhidden="true">      
-      <description>This section is PROVISIONAL and will change or disappear in future releases!
-                   It exists here now only to provide this functionality where no other access point
-                   is available.</description>
+      <description>&securityUIDisclaimer.label;</description>
      <groupbox>
        <caption label="&validation.crl.label;"/>
        <description>&validation.crl.description;</description>
--- a/browser/components/prefwindow/locale/pref-advanced.dtd
+++ b/browser/components/prefwindow/locale/pref-advanced.dtd
@ -19,6 +19,8 @@
 <!ENTITY linksOnlyTypeAheadFind.label "to search links only">

 <!-- PROVISIONAL SECURITY UI ONLY -->
+<!ENTITY securityUIDisclaimer.label   "This section is PROVISIONAL and will change or disappear in future releases! It exists here now only to provide this functionality where no other access point is available.">
+
 <!-- Certs -->
 <!ENTITY certs.label                  "Certificates">
 <!ENTITY SSLClientAuthMethod          "Client Certificate Selection">