diff --git a/browser/base/content/contentAreaUtils.js b/browser/base/content/contentAreaUtils.js
index b70778c9f79..29d5c058dd5 100644
--- a/browser/base/content/contentAreaUtils.js
+++ b/browser/base/content/contentAreaUtils.js
@@ -105,10 +105,18 @@ function markLinkVisited(href, linkNode)
.getService(Components.interfaces.nsIGlobalHistory);
if (!globalHistory.isVisited(href)) {
globalHistory.addPage(href);
- var oldHref = linkNode.href;
- linkNode.href = "";
- linkNode.href = oldHref;
- }
+ var oldHref = linkNode.getAttribute("href");
+ if (typeof oldHref == "string") {
+ // Use setAttribute instead of direct assignment.
+ // (bug 217195, bug 187195)
+ linkNode.setAttribute("href", "");
+ linkNode.setAttribute("href", oldHref);
+ }
+ else {
+ // Converting to string implicitly would be a
+ // minor security hole (similar to bug 202994).
+ }
+ }
}
function urlSecurityCheck(url, doc)
diff --git a/browser/components/prefwindow/content/pref-advanced.xul b/browser/components/prefwindow/content/pref-advanced.xul
index 6bba808d612..82f7aea278d 100644
--- a/browser/components/prefwindow/content/pref-advanced.xul
+++ b/browser/components/prefwindow/content/pref-advanced.xul
@@ -185,9 +185,7 @@
#ifdef PROVISIONAL_SECURITY_UI
- This section is PROVISIONAL and will change or disappear in future releases!
- It exists here now only to provide this functionality where no other access point
- is available.
+ &securityUIDisclaimer.label;
&certselect.description;
@@ -227,9 +225,7 @@
- This section is PROVISIONAL and will change or disappear in future releases!
- It exists here now only to provide this functionality where no other access point
- is available.
+ &securityUIDisclaimer.label;
&validation.crl.description;
diff --git a/browser/components/prefwindow/locale/pref-advanced.dtd b/browser/components/prefwindow/locale/pref-advanced.dtd
index dd39aaec517..9dc2a3ee433 100644
--- a/browser/components/prefwindow/locale/pref-advanced.dtd
+++ b/browser/components/prefwindow/locale/pref-advanced.dtd
@@ -19,6 +19,8 @@
+
+