Mozilla 1.7.3 is a security update to Mozilla 1.7 that fixes a several
security vulnerabilities.
#93 "Send page" heap overrun (258005)
#92 javascript clipboard access (257523)
#91 Privilege request confusion (253942)
#90 Buffer overflow when displaying VCard (257314)
#89 BMP integer overflow (255067)
#88 javascript: link dragging (250862)
#87 non-ascii hostname heap overrun (256316)
#86 Malicious POP3 server III (245066, 226669)
#85 Wrong file permissions after installing on Linux (231083, 235781)
#84 Wrong file permissions in linux archive (254303)
See the page bellow for detail
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
It has (probably long since) been replaced by configuration checks
in mozilla's configure script. The resulting source still compiles
and works on netbsd-1-5 / i386.
gcc version 3+.
. generally reduce diffs to Linux version
. retain compatibility with older ABI (AIX-like) thanks to useful comments
from Charles Hannum
Thanks to Matthew Green for the fruitful discussion. This should address
PR#23240 as far as mozilla is concerned.
New features and fixes
Browser
* A new option to prevent sites from using JavaScript to block the
browser's context menu.
* Password Manager has a "show passwords" mode which will display
saved passwords. You will need to enter your master password if
you are using one.
* The "Set As Wallpaper" feature now has a confirmation dialog.
* Linux GTK2 builds have improved support for OS themes.
* Cookie dialogs have been reworked to make them more usable.
* Date handling, especially on OS X, has been improved.
* It is now possible to fine-tune Mozilla's pop-up blocking using
two preferences (dom.popup_maximum and dom.popup_allowed_events)
but there's no UI for that yet. Even without a UI, users should
notice a greater variety of pop-ups blocked (primarily mouseover
pop-ups) and a limit of 20 or so open at one time - regardless
of whether pop-up blocking is active. This will provide some
protection from sites that open hundreds of windows in a loop.
* Downloaded files are now moved to the target directory as soon
as the user selects the desired location. This was the
frequently reported bug 55690.
* There is now user interface to activate Smooth Scrolling
(Preferences -> Appearance).
* Mozilla now supports basic FTP upload.
Mail
* Many improvements to Palm Sync.
* IMAP IDLE support has been added.
* Support for "MSN Authentication" and Secure Password
* Authentication using SSPI NTLM auth for SMTP and POP3.
* A new preference to "always use the default character encoding
for replies" rather than using the encoding of the message being
replied to.
* Improvements to performance of downloading, viewing, and saving
mail messages.
* Support for multiple identities on the same mail account. See
the Multiple Identity Support documentation for more details.
* Support for relative paths for mail folders in prefs.js. This
makes it easier to copy profiles around without having to fix up
prefs.js afterwards.
* You can now edit address lists containing "Last, First" style
names.
* When composing mail, you can now use the up and down arrow keys
to scroll through the To/Cc/Bcc list.
* All Mozilla LDAP queries now default to using LDAPv3
(previously, they used LDAPv2). Mozilla should gracefully fall
back to v2 if v3 isn't found.
Chatzilla
* Chatzilla now supports zooming of fonts with keyboard shortcuts
(Ctrl + and Ctrl -), as well as with the View menu.
* Improved date handling; using the date/time format for the
locale.
* Support for the /ignore command.
* The ability to change the font family and size.
* Working custom sounds on Windows and Linux.
* Improvements to the preferences panel and the user interface for
half-op mode.
Under the Hood
* Size and performance have improved dramatically with this
release. When compared to Mozilla 1.6, Mozilla 1.7 is 7% faster at
startup, is 8% faster to open a window, has 9% faster page
loading, and is 5% smaller in binary size.
* A long-standing bug with CSS backgrounds on table elements has
been fixed (standards mode only).
* Support for Kerberos HTTP authentication using GSSAPI (benefits
Unix-like platforms including Linux and OS X).
* Support for smb:// URLs using the gnome-vfs library (only
enabled in GTK2+XFT Linux builds).
* Support for server push of XML documents using
multipart/x-mixed-replace and XMLHttpRequest.
* Liveconnect now works when a Java applet's codebase is in a
different domain.
* Support for the CSS3 opacity property.
* Mozilla adds support for the onbeforeunload event. This lets web
application developers add code that alerts the user about
potential data-loss when closing a web application, or when
leaving a HTML page with potentially sensitive information.
* This release has a new SVG backend. The feature is not yet
enabled in the mozilla.org releases but developers may wish to
compile with this feature enabled.
* Mozilla handles dynamic style changes much better (see bug 15608
for details.)
* Mozilla has upgraded the NSS libraries to version 3.9. NSS 3.9
passes all the NISCC SSL/TLS and S/MIME tests (1.6 million test
cases of invalid input data) without crashes or memory leaks.
- New features and Fixes from release notes:
* One of the most requested Mozilla Mail features, an option to
separate the Recipient and Sender columns in the thread pane, has been
implemented.
* Another frequently requested MailNews feature, a preference for
placing the user's signature above the quoted text, has been added.
* "Remove from server after x days" has been implemented for POP3 mail
accounts.
* vCard support has been added to Mozilla Mail.
* Mozilla 1.6 includes a new cross-platform NTLM authentication
mechanism. This feature brings NTLM authentication to the non-Windows
Mozilla users for the first time and also delivers more robust and
featureful NTLM support to users of older Windows versions.
* Ask Jeeves searching has been added to Mozilla 1.6.
* "Translate Page" functionality has returned to this release of Mozilla.
* The View Source window now has reload functionality.
* Several security-related bugs were fixed in 1.6
* Chatzilla 0.9.48 has been merged, which adds RPL_ISUPPORT support,
halfop mode support, and properly masks key and password dialogs.
* Many crash bugs have been fixed.
* One step closer to the kitchen sink, about:about has been
implemented. Typing about:about in the address field will give the
user a nice list of available about:s.
* The opacity implementation was completely revamped to properly
change the opacity of all descendants as a group.
* CSS inheritance has been updated to work per CSS2.1 (computed values
are inherited).
- pkgsrc specific changes
* add option to build with gtk2 (not completed yet)(from Jeremy C. Reed)
* make mathml optional (for MozillaThunderbird)
New Features and Fixes
* Mozilla now includes a spellchecker for MailNews and Composer.
* Additional MailNews improvements include:
o Users can add header lines to *every* message sent out via a
certain identity.
o A common application hang with SSL-encrypted SMTP
connections has been fixed.
o Printing of the attachments list is now supported.
o Users can now mark message as read by date.
* Many great improvements to Mozilla Composer including:
o Better resizing for images, tables, and absolutely
positioned objects.
o Support for absolutely positioned objects, movable on the
canvas using the mouse.
o Support for z-index management.
o "Snap to grid" when moving an absolutely positioned object.
o Source View now uses an editor instead of a simple textarea
(allows find and replace).
o Numerous fixes in caret management, inline styles handling,
and CSS styles handling.
* Improvements to tabbed browsing, including:
o Tabs are now replaced when a bookmark group is loaded. This
can be changed to the old "append" behavior in the Tabbed
browsing preferences.
o Back and Forward navigation for tabbed browsing and bookmark
groups has been improved. Users can now use the back button
after loading a bookmark group to restore the previous set of tabs.
o Closing a window with multiple tabs now prompts the user
with a confirmation dialog (which can be disabled for future
close operations).
* ChatZilla, Mozilla's internet relay chat (IRC) client, has had a
major overhaul bringing logging and many additional improvements.
* DOM Inspector can now display the #document node (the document root).
* It is now possible to jump from the JavaScript console to the
relevant line in the View Source Window.
* Mozilla's view source now displays line and column numbers in the
status bar.
* A quicksearch filter has been implemented for about:config.
* Gecko now supports setting color for <HR>.
* The '::' notation for CSS pseudo-elements is now supported. The old
':' notation is still supported only for pseudo-elements in CSS2
(:first-line, :first-letter, :before, :after) and the various
:-moz-tree-* pseudo-elements.
* Unstyled XML display has been improved.
* Some Windows GDI problems in Mozilla have been resolved.
* A common problem collapsing the URL bar popup on Windows has been fixed.
* Mozilla has improved performance, stability, standards support and
Web compatibility.
New Features and Fixes
- Mozilla's bookmarks have been overhauled. Bookmarks now include a
root level folder, the ability to have two differently named bookmarks
pointing at the same location, site icons in the Bookmark Manager and
Bookmarks Sidebar, and separators now have support for labels.
- Composer now supports click and drag dynamic image and table
resizing. If an image is selected or if the caret is placed inside a
table, eight resizing handles appear and allow to resize the
image/table with a simple click/drag/release. In the case of an image,
the resizing is done real-time and a semi-opaque shadow of the image
at its target size is shown during resizing. A tooltip shows in
real-time the target size in pixels, and the relative change in pixels
too.
- Mail now has junk-mail context menu items, a "delete junk mail" menu
item and many other usability improvements for junk-mail controls.
- Pop-up blocking has been streamlined to improve usability.
- Users can now specify "blank page," "home page," or "Last page
visited" for each of first window, new window and new tab.
- Users can now specify default font, size and color for HTML mail compose.
- Image blocking/disabling is now more flexible and users can "view
image" to see blocked or not loaded images.
- Proxy auto-config (PAC) failover has been implemented
- Mozilla 1.4 contains thousands of additional bugfixes, including
changes to improve performance, stability, web site compatability,
standards support, and usability.
And change PREFIX from /usr/X11R6 to /usr/pkg.
what's new from release notes
* Mozilla Mail has junk-mail classification. With some initial
"training" the client can identify and segregate spam messages from
good messages. To see more about Mozilla's junk-mail classification,
visit the Mozilla Spam Filtering page.
* Newsgroup filters have been implemented.
* An initial implementation of rich text editing controls has landed
in Mozilla for 1.3.1. See the rich text editing page for more
information.
* Image auto sizing allows a user to toggle between full-sized images
and images sized to fit the browser window. To give it a try, load a
large image into the browser window or size the window to be much
smaller. Now clicking on the image will alternate between auto-sized
and full-sized. The feature can be disabled (or enabled) from the
Appearance panel in Preferences.
* Users can now "dynamically" switch profiles. To give it a try, from
the tools menu select "Switch Profile..."
* Find as you type, formerly known as type ahead find, has a new
preferences panel (Advanced: Keyboard Navigation).
* When installed, Chatzilla now has a normal Mozilla preferences panel.
* Mozilla 1.3.1 also includes fixes for performance, standards
compliance and site compatibility.
* Mozilla has a new splash screen. We already know. Please don't
report this to Bugzilla. Thanks.
linker seemingly does not pass the rpath down from binaries to shared
libs, resulting in libs not being able to find other libs they require.
patch from taya@, tested on FreeBSD 5.0.
What's new from release notes
* Mozilla Mail has junk-mail classification. With some initial
"training" the client can identify and segregate spam messages from
good messages. To see more about Mozilla's junk-mail classification,
visit the Mozilla Spam Filtering page.
* Newsgroup filters have been implemented.
* An initial implementation of Mozilla Midas, rich text editing
controls, has landed in Mozilla for 1.3. See the Midas page for more
information.
* Image auto sizing allows a user to toggle between full-sized images
and images sized to fit the browser window. To give it a try, load a
large image into the browser window or size the window to be much
smaller. Now clicking on the image will alternate between auto-sized
and full-sized. The feature can be disabled (or enabled) from the
Appearance panel in Preferences.
* Users can now "dynamically" switch profiles. To give it a try, from
the tools menu select "Switch Profile..."
* Find as you type, formerly known as type ahead find, has a new
preferences panel (Advanced: Keyboard Navigation).
* When installed, Chatzilla now has a normal Mozilla preferences panel.
* Mozilla 1.3 also includes fixes for performance, standards
compliance and site compatibility.
* Mozilla has a new splash screen. We already know. Please don't
report this to Bugzilla. Thanks
What's new from Release notes:
(See release notes for detail - http://www.mozilla.org/releases/mozilla1.2.1/)
Browser
* Type Ahead Find is a new feature that allows quick navigation when you type
a succession of characters in the browser, matching the text in one or more
links on the page.
* Building on Mozilla's customizability, you can now show toolbars as
text/icons/both (in the default Classic theme). We also have a few other
usability improvements like image selection visualization (image highlights
with system selection color when selected) and the removal of the confusing
toolbar grippies.
* Improvements to native look and feel in both the browser interface and
the browser content area. We now support most native GTK themes in Mozilla
which means that your Mozilla toolbars and other widgets will pick up
the GTK theme look and feel. We also support native look and feel for web
content like form controls under windowsXP.
* Making tabbed browsing even more useful, you can launch the browser with
a group of bookmarks as your start page. This loads several pages into tabs
at startup.
* Keyboard access is greatly improved including additional accesskeys for
menus, other ui elements and page elements.
* We have a new features that utilizes browser idle time to download
or prefetch documents that the user might visit in the near future.
* XML prettyprinting, similar to IEs default-view for XML is now available
in Mozilla.
Mail
* Mozilla Mail has a new "filter after the fact" capability so users can
create a filter and then run that filter on already downloaded mail.
Filter logging has also been implemented which allows power users to see
a log of all of the filter actions.
* In mail you can now select and copy text from message headers and you can
now drag and drop from the message search results window.
* Improved application and layout performance
* Improved stability
* Improved Web site compatibility
* Improved CSS, DOM and HTML standards support
* Distinct window icons for the different Mozilla applications (artwork contributed by Grayrest).
* Mozilla can now trigger MS DUN when started without a connection.
* Fullscreen mode for Mozilla on Linux (press F11).
* Browser tabs now close left to right (they used to close right to left).
* The tab bar now has a button for creating new tabs.
* All Search entry points now use your default search engine.
* Download Manager has been enabled as the default download view (with many improvements)
* Autocomplete in the location bar has more intelligent completion.
* The Linux File Picker has improved filtering and a new directory button.
* File extensions more accurately handled in downloads and we save the correct files when saving complete Web pages
* Drag and drop support has been greatly improved.
* View selection source: Context clicking on a selection now lets you view the HTML source for the selected area.
* Page info displays more page info with improved General and Media tab content.
* New button in prefs for making Mozilla the system default browser on MS Windows
* MathML is now enabled for Mozilla on Macintosh (it was already available on Windows and Linux).
* Mozilla now takes advantage of Quartz rendering for users of Mac OS X 10.1.5
* Better Bi-Di Arabic and Hebrew support including improved layout of Arabic pages on Linux and other platforms without their own Arabic shaping support.
* We have new layout performance enhancements targeted at DHTML.
* Mozilla now has support for the display of XBM images.
* Image and plug-in blocking for Mail & News
* Mozilla allows you to view HTML mail messages as plain text.
* You can now quote the current message in a Mail compose window with Quote Original under the options menu.
* The JavaScript Debugger has gone through a major development cycle. It now sports a palette of nine views which can be rearranged within the main window or docked in separate floating windows. It is also possible to create user-defined views and commands directly with JavaScript. More details are available in the FAQ, newsgroup, or IRC channel.
* Chatzilla has improved tab completion and can now join channels with Japanese names.
