module list hidden. There really is no point in keeping them global.
Ideally, this would be using the normal linker set logic, but that's a
more involved change.
Changelog:
Based on xulrunner 41.0
Security fixes:
2015-114 Information disclosure via the High Resolution Time API
2015-113 Memory safety errors in libGLES in the ANGLE graphics library
2015-112 Vulnerabilities found through code inspection
2015-111 Errors in the handling of CORS preflight request headers
2015-110 Dragging and dropping images exposes final URL after redirects
2015-109 JavaScript immutable property enforcement can be bypassed
2015-108 Scripted proxies can access inner window
2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
2015-106 Use-after-free while manipulating HTML media content
2015-105 Buffer overflow while decoding WebM video
2015-104 Use-after-free with shared workers and IndexedDB
2015-103 URL spoofing in reader mode
2015-102 Crash when using debugger with SavedStacks in JavaScript
2015-101 Buffer overflow in libvpx while parsing vp9 format video
2015-100 Arbitrary file manipulation by local user through Mozilla updater
2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
2015-97 Memory leak in mozTCPSocket to servers
2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
It might still be possible that pkgsrc needs adjustments for gmp loading
if/when we adopt some gmp packages, but until then they serve no purpose
and in fact appear to be harmful. Fixes Firefox startup error message:
addons.manager ERROR Exception calling provider GMPProvider.startup
* Remove unused PLIST.enigmail.
Changelog:
System Requirements, Installation and Uninstallation
Before installing, make sure your computer meets the system
requirements. SeaMonkey 2.35 will no longer offer to migrate your
data from SeaMonkey 1.x or Mozilla 1.x at the first start after
installation (bug 689437). In order to upgrade from such an old
version, install the last SeaMonkey 2.0 release first, do the
one-time profile upgrade, uninstall SeaMonkey 2.0 and then install
your target release (e.g. this one).
You can find more details about installation, profile data and
uninstallation in our install and uninstall document.
Extensions (Add-ons) and Themes
Extensions installed under SeaMonkey 1.x are not migrated to
SeaMonkey 2, and may not be compatible for reinstalling in this
version due to major changes in our architecture. Please report
any issues to the maintainer of the extension. Extensions and Themes
for SeaMonkey 2.35 can be installed from the SeaMonkey Add-Ons
website or the "Get Add-Ons" section in the Add-ons Manager.
Extensions with binary components such as Lightning, Enigmail and
HTML Validator only work on certain platforms (e.g. Windows).
Furthermore they need to be adjusted for each new SeaMonkey release,
which also means that an old version of such an add-on can break
SeaMonkey if you disabled compatibility checking (which e.g. happens
when you install the Add-on Compatibility Reporter add-on).
For Lightning, please check the Stable Releases section on the
Calendar Versions page. Alternatively check the Lightning add-on
page (Development Channel at the bottom of the page).
For Enigmail, please refer to the Enigmail Nightly Builds page.
For HTML Validator you need to check whether the Firefox version
that appears on SeaMonkey's about: page is listed on the 0.9x
download page. Note that only Windows is supported at this
time.
SeaMonkey 2.29 dropped support for the legacy JavaScript Debugger
interface (JSD1). Hence add-ons that relied on it, like the JavaScript
Debugger (Venkman) that came bundled with SeaMonkey, or Firebug
1.x, have stopped working. While Venkman has been discontinued,
Firebug can simply be upgraded to a more recent version (2.x) which
supports the new JSD2 interface. If you are searching for a Venkman
replacement (especially for debugging SeaMonkey itself or add-ons),
have a look at the Tiny JavaScript Debugger add-on.
Known Issues
This list covers some of the known problems with SeaMonkey 2.35.
Please read this before reporting any new bugs.
The SSL 3.0 encryption protocol is disabled by default due to
security concerns (bug 1076983). Legacy websites may still rely
on it and will not work with the newer TLS 1.x protocols. SSL
3.0 support can be re-enabled in Preferences under Privacy &
Security, SSL.
Lightning does not work with SeaMonkey when icaljs is enabled,
which it is by default (bug 1081534). As a workaround, disable
icaljs by setting the calendar.icaljs pref to false in
about:config.
The Remember Passwords add-on breaks password handling. Please
disable or uninstall this add-on using the Add-ons Manager.
You cannot set up a new Sync account or pair a device anymore
(bug 998807). Workaround: Use an older version of SeaMonkey
for such tasks for now.
Data loss warning: If you use a profile with this or any later
version and then try to go back to SeaMonkey 2.0, SeaMonkey
will rename your history file to places.sqlite.corrupt and
create a new places.sqlite file, effectively resetting your
browsing history. This is because the internal format changed
and the upgrade process only works in one direction. Additionally,
running MailNews with local folders and POP3 mail filters may
produce summary files that are not correctly read by previous
versions of SeaMonkey. If you decide to go back to a previous
version of SeaMonkey, you should delete the .msf files for your
local folders and POP3 accounts or repair the folders using
the folder properties dialog in order to avoid potential data
loss.
After creating a news account through clicking a news URL, the
MailNews account wizard may be broken (the account type will
always be News). To work around the problem, set the
mail.server.serverX.valid pref (where X is the internal number
of the corresponding news account) to true in about:config, or
delete the invalid news account (bug 521861).
Web pages may appear differently in the MailNews feed reader
than in the browser (bug 662907). Workaround: Add a "noscript
{display:none}" rule to your userContent.css (note that the
Stylish add-on cannot be used here since it does not integrate
with the MailNews feed reader).
Select Element by Click doesn't flash the element in DOM
Inspector on Windows if hardware acceleration is enabled (bug
594299).
The option "When opening a bookmark group" / "Replace existing
tabs" under Preferences / Tabbed Browsing does not have an
effect anymore (bug 664101).
Lightning keyboard shortcuts for accessing the calendar tab
from within the MailNews window or from the main menu
(Ctrl+Shift+C/D) do not work. (bug 514512).
If you try to start SeaMonkey using a locked profile, it will
crash (see bug 573369).
Some synaptic touch pads are unable to vertical scroll (see
bug 622410).
Under certain conditions, scrolling and text input may be jerky
(see bug 711900).
Mac OS X and Windows: Citrix Receiver no longer works. As a
workaround, mark the plugin as Always Enable in the Add-ons
Manager (see bug 1025627).
Windows:
Norton/Symantec anti-virus scanners may report that some
parts of SeaMonkey (e.g. the file freebl3.dll) are suspicious.
If you downloaded SeaMonkey from one of the official download
sites, this is a false alarm. You might experience problems
with secure websites when this happens. To fix the issue,
instruct your anti-virus software to ignore these files
(and move them out of quarantine) and/or switch to another
anti-virus software and reinstall SeaMonkey.
Linux:
The cursor may change to "drag & drop" mode in the mail
window, causing a hang (bug 736811).
Mac:
When hardware acceleration is off, background colors in
the UI (toolbar, status bar etc.) might not update correctly
when you switch focus from/to a window. Users running Macs
with certain older hardware (e.g. Intel GMA 950) will
experience this even if they haven't turned off hardware
acceleration in Preferences (Appearance/Content) (bug
626096).
Troubleshooting
Some questions are asked more frequently than others. Have a
look at the SeaMonkey FAQ. Maybe your particular problem has
already been solved.
Some anti-virus software keeps detectine installer so that its
contents can run and install SeaMonkey. That technology is
widely used and probably can be used to compress bad as well
as good software, but the 7-Zip code itself is perfectly safe.
Mozilla scans all our files routinely when putticanned by the
same mechanisms.
Poorly designed or incompatible extensions can cause problems
with SeaMonkey, including make it crash, slow down page display,
etc. If you encounter strange problems relating to parts of
SeaMonkey no longer working, the etc, you may be suffering
from Extension or Theme trouble. Restart SeaMonkey in Safe
Mode. On Windows, start using the "Safe Mode" shortcut created
in your Start menu or by running seamonkey.exe -safe-mode. On
Linux, start with ./seamonkey -safe-mode and on Mac OS X, run:
cd /Applications/SeaMonkey.app/Contents/MacOS/
./seamonkey-bin -safe-mode
When started in Safe Mode all extensions are disabled and the
Default theme is used. Disable the Extension/Theme that is
causing trouble and then start normally.
If you uninstall an extension that is installed with your user
profile (i.e. you installed it from a Web page) and then wish
to install it for all user profiles using the -install-global-extension
command line flag, you must restart SeaMonkey once to cleanse
the profile extensions datasource of traces of that extension
before installing with the switch. If you do not do this you
may end up with a jammed entry in the Extensions list and will
be unable to install the extension globally.
If you encounter strange problems relating to bookmarks,
downloads, window placement, toolbars, history, or other
settings, it is recommended that you try creating a new profile
and attempting to reproduce the problem before filing bugs.
Create a new profile by running SeaMonkey with the -P command
line argument, choose the "Manage Profiles" button and then
choose "Create Profile...". Migrate your settings files
(Bookmarks, Saved Passwords, etc) over one by one, checking
each time to see if the problems resurface. If you do find a
particular profile data file is causing a problem, file a bug
and attach the file.
* gnome option is broken. Disable it.
Changelog:
What's New in SeaMonkey 2.33
SeaMonkey 2.33 contains the following major changes relative to SeaMonkey 2.32.1:
SeaMonkey-specific changes
Security notification bars now feature tracking controls.
The tracking/privacy preferences pane has been updated.
Mozilla platform changes
The Flash protected-mode sandbox has been disabled on Windows in order to evaluate the stability impact of protected mode.
Insecure RC4 ciphers are no longer accepted whenever possible.
Certificates with 1024-bit RSA keys have been phased out.
A subset of the Media Source Extensions (MSE) API has been implemented in order to allow native HTML5 playback on YouTube. Full support is on the way.
The performance of the new ES6 generator functions has been improved.
Also see Firefox 36 for Developers.
Fixed several stability issues.
Bugs fixed in this release
SeaMonkey bugs
Thunderbird bugs (including both shared MailNews- and Thunderbird-only bugs)
Relevant security fixes are listed on Security Advisories for SeaMonkey.
* Security advisories are not available yet.
Changelog:
What's New in SeaMonkey 2.32.1
Mostly regression fixes, including:
MailNews feeds not updating
Selected profile in Profile Manager not remembered
Opening a bookmark folder in tabs on Linux
Troubleshooting Information (about:support) with the Modern theme
What's New in SeaMonkey 2.32
SeaMonkey 2.32 contains the following major changes relative to SeaMonkey 2.31:
SeaMonkey-specific changes
The Spell Check dialog is now resizable.
Generational Garbage Collection has been enabled.
Mozilla platform changes
Improved handling of dynamic styling changes to increase responsiveness.
Implemented HTTP Public Key Pinning Extension (for enhanced authentication of encrypted connections).
Reduced resource usage for scaled images.
Also see Firefox 35 for Developers.
Fixed several stability issue
Fixed in SeaMonkey 2.32
2015-09 XrayWrapper bypass through DOM objects
2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
2015-06 Read-after-free in WebRTC
2015-05 Read of uninitialized memory in Web Audio
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-02 Uninitialized memory use during bitmap rendering
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
Changelog:
# What's New in SeaMonkey 2.31
SeaMonkey 2.31 contains the following major changes relative to SeaMonkey 2.30:
## SeaMonkey-specific changes
Text zoom is now available in Composer.
GStreamer and PulseAudio support has been re-enabled on Linux.
## Mozilla platform changes
Support for H264 (MP4) is now built in on Mac OS X Snow Leopard (10.6) and newer through native APIs.
HTTP/2 (draft14) and ALPN have been implemented.
Added ability to recover from a locked process in the "SeaMonkey is already running" dialog on Windows.
Added ECDH support for WebCrypto.
The console.table function has been added to the Error Console.
CSS transitions start correctly now when started at the same time as changes to display, position, overflow, and similar properties.
Also see Firefox 34 for Developers.
Fixed several stability issues.
# Security fixes
Fixed in SeaMonkey 2.31
2014-91 Privileged access to security wrapped protected objects
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-86 CSP leaks redirect data via violation reports
2014-85 XMLHttpRequest crashes with some input streams
2014-84 XBL bindings accessible via improper CSS declarations
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
Changelog:
SeaMonkey-specific changes
The delimiter for forwarded messages can now be configured.
An option to not strip signatures on reply has been added to prevent top signatures from deleting the body.
Add to Searchbar (search-engine autodiscovery) was implemented.
The location bar tooltip now shows the complete current URL in case it is displayed only partially.
See the changes page for a more complete overview.
Mozilla platform changes
The Gamepad API has been finalized and enabled (learn more).
navigator.plugins is no longer enumerable, for user privacy.
ECMAScript Internationalization API has been enabled.
'box-sizing' (dropping the -moz- prefix) has been implemented.
SharedWorker is now enabled by default.
CSS3 variables have been implemented.
Console object is now available in Web Workers.
Promises have been enabled by default.
<input type="number"> has been implemented and enabled.
<input type="color"> has been implemented and enabled.
Fixed several stability issues.
Fixed in SeaMonkey 2.26.1
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
Fixed in SeaMonkey 2.26
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
* Change enigmail build mechanism
Changelog:
2.25:
SeaMonkey-specific changes
Newsgroup names can now be entered using autocompletion.
See the changes page for a more complete overview.
Mozilla platform changes
The Gamepad API has been finalized and enabled (learn more).
VP9 video decoding has been implemented.
Support for Opus in WebM was added.
Volume control for HTML5 audio/video has been added.
Mac OS X Notification Center support has been added for web notifications.
Support for spdy/2 has been removed.
Support for multi-line flexbox in layout has been added.
Support for the MathML 2.0 mathvariant attribute has been added.
Background thread hang reporting has been added.
<input type=color> has been implemented and enabled.
Fixed several stability issues.
Fixed in SeaMonkey 2.25
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-20 onbeforeunload and Javascript navigation DOS
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
2.24:
SeaMonkey-specific changes
The DoNotTrack and Prompt on Sanitize preferences are now kept in sync.
A pref (mailnews.p7m_external) has been added to allow users to choose an alternate application/pkcs7-mime handling.
Support for Atom Threading Extensions (RFC 4685) has been added.
Migrating profiles from Thunderbird supports the new signons file format now (support for the old format has been dropped).
Autocomplete drop-downs (e.g. used on the Location Bar and Open Location dialog) now show favicons for their entries.
The account name is now displayed in the status bar for all messages when checking mail.
IMAP alert messages now show the server of the corresponding mail account.
Newsgroup names are now searched for all search strings combined (AND-search) on the subscribe dialog.
See the changes page for a more complete overview.
Mozilla platform changes
Removed support for importing logins from the legacy signons.txt format, including the Base64 conversion (bug 717490).
Enabled support for TLS 1.2 (RFC 5246) by default (bug 861266).
Added support for the SPDY 3.1 protocol.
Added ability to reset style sheets using all:unset.
Added support for scrolled fieldsets (overflow property support, bug 261037).
Implemented allow-popups directive for iframe sandbox, enabling increased security (bug 766282).
Unprefixed CSS cursor keywords -moz-grab and -moz-grabbing (bug 880672).
Added support for ES6 generators in SpiderMonkey (blog post).
Implemented support for mathematical function Math.hypot() in ES6 (bug 896264).
Added dashed line support on Canvas (bug 768067).
Fixed Azure/Skia content rendering on Linux (bug 740200).
Fixed several stability issues.
Fixed in SeaMonkey 2.24
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
Changelog:
SeaMonkey-specific changes
Download progress is now shown in the Mac OS X app dock icon.
EXIF orientation is now being used when displaying attached images in MailNews.
"This folder is being processed... to get messages." alerts on active MailNews folders now identify the account or folder.
MailNews notifications have a new look.
See the changes page for a more complete overview.
Mozilla platform changes
All plugins, with the exception of recent Flash plugins, now default to click-to-play.
The password manager now supports script-generated password fields.
Support for H.264 on Linux is now available if the appropriate GStreamer plugins are installed.
Support for MP3 decoding on Windows XP has been added, completing MP3 support across Windows OS versions.
The CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec.
There is no longer a prompt when websites use appcache.
Support for the CSS image orientation property has been added.
IndexedDB can now be used as an "optimistic" storage area so it does not require any prompts and data is stored in a pool with LRU eviction policy, in short temporary storage.
When displaying a standalone images, the EXIF orientation information contained within the JPEG image is now matched (bug 298619).
Page load times have been improved due to no longer decoding images that are not visible (bug 847223).
Support for the AudioToolbox MP3 backend has been added on Mac OS X (bug 914479).
Fixed several stability issues.
Fixed in SeaMonkey 2.23
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
* Add mozilla-chatzilla option for chatzilla (and some JavaScript
development tools, I cannot separate them.)
Changelog:
Fixed in SeaMonkey 2.22.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
* Add forgotten patch for NetBSD's cpuset(3), fix build
* Use __fstat50 etc instead of fstat on NetBSD. Based on martin@'s patch
for firefox 27.0.
Restore session is recovered on NetBSD/amd64.
Changelog:
SeaMonkey-specific changes
Sorting messages by date can now be configured to look at the thread root instead of the newest message in it (pref: mailnews.sort_threads_by_root).
Plugins doorhangers now allow to activate different plugin types independently.
The proxy popup is now also available from the MailNews main window.
A new Recipients column has been added that shows all recipients (To, CC, BCC).
The default HTML5 audio/video player controls allow to change the playback rate now.
A "Validate this page" entry has been added to Tools/Web Development.
The Firefox devtools debugger can now be used to debug SeaMonkey remotely.
See the changes page for a more complete overview.
Mozilla platform changes
Web Audio support has been added.
CSS3 background-attachment:local support to control background scrolling has been implemented.
Many new ES6 functions have been implemented.
iframe document content can now be specified inline.
Fixed several stability issues.
Fixed in SeaMonkey 2.22
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
Changelog:
SeaMonkey-specific changes
Implemented an option to thread messages received by date.
Allowed deletion of news posts by default.
Implemented optional taskbar preview-per-tab.
Added support (permission prompt) for desktop notifications.
Added Isn't operator for searching by Priority.
See the changes page for a more complete overview.
Mozilla platform changes
Support for new scrollbar style on Mac OS X 10.7 and newer.
Accessibility related improvements on using pinned tabs (bug 577727).
Major SVG rendering improvements around Image tiling and scaling (bug 600207).
Removed support for sherlock files that are loaded from application or profile directory.
Support for W3C touch events disabled (bug 888304).
Fixed several stability issues.
Fixed in SeaMonkey 2.21
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
* Merge SunOS patches from www/firefox.
Changelog:
SeaMonkey-specific changes
The Content Security Policy (CSP) 1.0 parser has been enabled.
The Mixed Content Blocker has been enabled, blocking insecure active content loads on HTTPS pages.
New mail alert information can be customized now (Preferences/Mail & Newsgroups/Notifications).
A confirmation prompt has been introduced to protect against accidental permanent data loss when force-deleting messages using Shift+Del.
MailNews Save As Template supports multiple selections now.
The size on disk is now shown for newsgroup folders.
See the changes page for a more complete overview.
Mozilla platform changes
Added support for scrollbar style in Mac OS X 10.7 and newer.
Enabled mixed content blocking to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages (learn more).
Improved about:memory's functional UI.
Enabled DXVA2 on Windows Vista+ to accelerate H.264 video decoding.
Simplified interface for notifications of plugin installation.
Enabled users to switch the search provider across the entire browser.
CSP policies using the standard syntax and semantics will now be enforced.
Implemented the HTML5 <input type="range"> form control.
Added unprefixed requestAnimationFrame.
Dropped blink effect from CSS rule text-decoration:blink and completely removed <blink> element.
Fixed several stability issues.
Fixed in SeaMonkey 2.20
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
* Update enigmail to 1.5.2.
Changelog:
SeaMonkey-specific changes
Mark -> As Read now checks the state of all selected messages instead of only the first one's.
Notifications for mixed content blocker have been implemented.
A new 3rd-party cookie restriction to visited websites option has been added to the Cookies pref pane.
The context menu Search option is now available for textareas and input fields.
Website storage mechanisms are now available in the Data Manager (localStorage, indexedDB, etc.).
"Open Containing Folder" is now already available during download.
See the changes page for minor changes.
Mozilla platform changes
asm.js optimizations (OdinMonkey) have been enabled for major performance improvements.
Improved WebGL rendering performance through asynchronous canvas updates.
Plain text files displayed within the browser will now word-wrap.
For user security, the Components object is no longer accessible from web content.
Improved memory usage and display time when rendering images.
The Pointer Lock API can now be used outside of fullscreen.
CSS3 Flexbox has been implemented and enabled by default.
The new Web Notifications API has been implemented.
Added clipboardData API for JavaScript access to a user's clipboard.
Support for new HTML5 <data> and <time> elements has been added.
Fixed several stability issues.
* Use common files for www/firefox.
SeaMonkey-specific changes
Basic Private Browsing support has been added (experimental for now).
Added support for safe browsing which blocks potentially malicious websites reported as attack sites (malware) or web forgeries (phishing).
Information like preview text, subject and sender can be shown in new mail notifications now.
See the changes page for minor changes.
Mozilla platform changes
CSS -moz-user-select:none selection has been changed to improve compatibility with -webkit-user-select:none (bug 816298).
Applied graphics-related performance improvements (bug 809821).
Removed E4X support from SpiderMonkey.
Added support for the <main> element.
Implemented scoped stylesheets.
Fixed some function keys not working when pressed (bug 833719).
Fixed several stability issues.
* I will check the build on NetBSD 5.2 later...
Changelog:
Continued performance improvements around common browser tasks (page loads, downloads, shutdown, etc.).
Continued implementation of draft ECMAScript 6 (clear() and Math.imul).
<canvas> now supports blend modes.
Various <audio> and <video> improvements have been implemented.
The Details button on the Crash Reporter has been fixed (bug 793972).
Fixed several stability issues.
Fixed in SeaMonkey 2.17
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-39 Memory corruption while rendering grayscale PNG images
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
Fixed in SeaMonkey 2.16.1
MFSA 2013-29 Use-after-free in HTML Editor
* enigmail is broken
Changelog:
SeaMonkey-specific changes
Reply to List is now supported.
SSL-related warning prompts (leaving or entering a secure site, viewing mixed content) have been replaced by less intrusive, non-modal notification bars.
See the changes page for minor changes.
Mozilla platform changes
Image quality has been improved through a new HTML scaling algorithm.
Canvas elements can export their content as an image blob using canvas.toBlob() now.
CSS @page is now supported.
CSS viewport-percentage length units have been implemented (vh, vw, vmin and vmax).
CSS text-transform now supports full-width.
Fixed several stability issues.
Fixed in SeaMonkey 2.16
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
MFSA 2013-22 Out-of-bounds read in image rendering
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
* Remove or modify some patches that is obsolete or fixed in another way
like devel/xulrunner.
Changelog:
Fixes in 2.15.2
Applications could not be removed from the "Application details" dialog under Preferences, Helper Applications (bug 826771).
View / Message Body As could show menu items out of context (bug 831348).
Fixes in 2.15.1
Problems involving HTTP proxy transactions have been fixed (bug list).
The Unity player crashed on Mac OS X (bug 828954).
* Use Lightning in seamonkey tar ball, 2.0pre.
Changelog:
SeaMonkey-specific changes
SeaMonkey can be set as default client/browser on Mac and Linux now.
See the changes page for minor changes.
Mozilla platform changes
The new IonMonkey compiler improves JavaScript performance.
Preliminary support for WebRTC has been added.
Image quality has been improved through a new HTML scaling algorithm.
CSS3 Flexbox has been implemented.
Support for new DOM property window.devicePixelRatio has been added.
Support for @supports has been added (disabled for now).
Startup time has been improved through smart handling of signed extension certificates.
HTML5: Support for W3C touch events has been implemented, taking the place of MozTouch events
Insecure content loading has been disabled on HTTPS pages (see bug 62178).
Responsiveness for users on proxies has been improved.
Fixed several stability issues.
Fixed in SeaMonkey 2.15
MFSA 2013-20 Mis-issued TURKTRUST certificates
MFSA 2013-19 Use-after-free in Javascript Proxy objects
MFSA 2013-18 Use-after-free in Vibrate
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
MFSA 2013-12 Buffer overflow in Javascript string concatenation
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
MFSA 2013-07 Crash due to handling of SSL on threads
MFSA 2013-06 Touch events are shared across iframes
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-03 Buffer Overflow in Canvas
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
Changelog:
The Select Addresses dialog came up blank if opened from a Compose window with a single To/Cc/Bcc field filled in (bug 814770).
A change to the User Agent string has been reverted since it caused some website incompatibilities (bug 816749).
Information failed to show on the message header pane under certain circumstances (bug 803322).
The display quality of fonts could be perceived as bad when Cleartype was turned off on Windows (bug 814101).
The permissions database was not read completely if it included an invalid entry (bug 814554).
* Patches are synced with xulrunner-17.0, and regen patches
* Update Mozilla Lightning to 1.9
Changelog:
SeaMonkey-specific changes
None (see changes page for minor changes).
Mozilla platform changes
OS X 10.6 is now the minimum supported Mac version.
JavaScript Maps and Sets are now iterable.
SVG FillPaint and StrokePaint have been implemented.
The sandbox attribute has been implemented for iframes, enabling increased security.
Fixed several stability issues.
Security fixes
Fixed in SeaMonkey 2.14
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
