Fix Firebird bugs

217195 (patch by Jesse Ruderman) - security hole in markLinkVisited (exploited with link.href usage)

219875 (patch by Mike Connor) - localize strings for provisional security UI in Advanced Options panel

browser/base/content/contentAreaUtils.js

@@ -105,10 +105,18 @@ function markLinkVisited(href, linkNode)
                                .getService(Components.interfaces.nsIGlobalHistory);
    if (!globalHistory.isVisited(href)) {
      globalHistory.addPage(href);
-     var oldHref = linkNode.href;
+     var oldHref = linkNode.getAttribute("href");
-     linkNode.href = "";
+     if (typeof oldHref == "string") {
-     linkNode.href = oldHref;
+       // Use setAttribute instead of direct assignment.
-   }    
+       // (bug 217195, bug 187195)
+       linkNode.setAttribute("href", "");
+       linkNode.setAttribute("href", oldHref);
+     }
+     else {
+       // Converting to string implicitly would be a 
+       // minor security hole (similar to bug 202994).
+     }
+   }
 }
 
 function urlSecurityCheck(url, doc) 

browser/components/prefwindow/content/pref-advanced.xul

@@ -185,9 +185,7 @@
     
 #ifdef PROVISIONAL_SECURITY_UI
     <expander id="certs" label="&certs.label;" open="false" persist="open" clearhidden="true">      
-      <description>This section is PROVISIONAL and will change or disappear in future releases!
+      <description>&securityUIDisclaimer.label;</description>
-                   It exists here now only to provide this functionality where no other access point
-                   is available.</description>
       <groupbox align="start">
         <caption label="&SSLClientAuthMethod;"/>
         <description>&certselect.description;</description>
@@ -227,9 +225,7 @@
     </expander>
     
     <expander id="validation" label="&validation.label;" open="false" persist="open" clearhidden="true">      
-      <description>This section is PROVISIONAL and will change or disappear in future releases!
+      <description>&securityUIDisclaimer.label;</description>
-                   It exists here now only to provide this functionality where no other access point
-                   is available.</description>
       <groupbox>
         <caption label="&validation.crl.label;"/>
         <description>&validation.crl.description;</description>

browser/components/prefwindow/locale/pref-advanced.dtd

@@ -19,6 +19,8 @@
 <!ENTITY linksOnlyTypeAheadFind.label "to search links only">
 
 <!-- PROVISIONAL SECURITY UI ONLY -->
+<!ENTITY securityUIDisclaimer.label   "This section is PROVISIONAL and will change or disappear in future releases! It exists here now only to provide this functionality where no other access point is available.">
+
 <!-- Certs -->
 <!ENTITY certs.label                  "Certificates">
 <!ENTITY SSLClientAuthMethod          "Client Certificate Selection">