* Use Lightning in seamonkey tar ball, 2.0pre.
Changelog:
SeaMonkey-specific changes
SeaMonkey can be set as default client/browser on Mac and Linux now.
See the changes page for minor changes.
Mozilla platform changes
The new IonMonkey compiler improves JavaScript performance.
Preliminary support for WebRTC has been added.
Image quality has been improved through a new HTML scaling algorithm.
CSS3 Flexbox has been implemented.
Support for new DOM property window.devicePixelRatio has been added.
Support for @supports has been added (disabled for now).
Startup time has been improved through smart handling of signed extension certificates.
HTML5: Support for W3C touch events has been implemented, taking the place of MozTouch events
Insecure content loading has been disabled on HTTPS pages (see bug 62178).
Responsiveness for users on proxies has been improved.
Fixed several stability issues.
Fixed in SeaMonkey 2.15
MFSA 2013-20 Mis-issued TURKTRUST certificates
MFSA 2013-19 Use-after-free in Javascript Proxy objects
MFSA 2013-18 Use-after-free in Vibrate
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
MFSA 2013-12 Buffer overflow in Javascript string concatenation
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
MFSA 2013-07 Crash due to handling of SSL on threads
MFSA 2013-06 Touch events are shared across iframes
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-03 Buffer Overflow in Canvas
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
Changelog:
The Select Addresses dialog came up blank if opened from a Compose window with a single To/Cc/Bcc field filled in (bug 814770).
A change to the User Agent string has been reverted since it caused some website incompatibilities (bug 816749).
Information failed to show on the message header pane under certain circumstances (bug 803322).
The display quality of fonts could be perceived as bad when Cleartype was turned off on Windows (bug 814101).
The permissions database was not read completely if it included an invalid entry (bug 814554).
* Patches are synced with xulrunner-17.0, and regen patches
* Update Mozilla Lightning to 1.9
Changelog:
SeaMonkey-specific changes
None (see changes page for minor changes).
Mozilla platform changes
OS X 10.6 is now the minimum supported Mac version.
JavaScript Maps and Sets are now iterable.
SVG FillPaint and StrokePaint have been implemented.
The sandbox attribute has been implemented for iframes, enabling increased security.
Fixed several stability issues.
Security fixes
Fixed in SeaMonkey 2.14
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
* Update enigmail to 1.4.5
* Update Mozilla Lightning to 1.8
Changelog:
SeaMonkey-specific changes
None.
Mozilla platform changes
JavaScript responsiveness has been improved through incremental garbage collection.
CSS3 Animations, Transitions, Transforms and Gradients have been unprefixed.
MD5 is no longer supported as a hash algorithm in digital signatures.
The Opus codec is now support by default.
The reverse CSS3 animation direction has been implemented.
Per tab reporting is now available in about:memory.
Fixed several stability issues.
* Update Mozilla Lightning to 1.7
* Update Enigmail to 1.4.4 (functionality is not tested yet; should
be updated)
* Regen patches
Changelog:
SeaMonkey-specific changes
None.
Mozilla platform changes
Added support for SPDY networking protocol v3.
Implemented WebGL enhancements, including compressed textures for better performance.
Optimized memory usage for add-ons.
Implemented the CSS word-break property.
Implemented high precision event timer.
HTML5: Added native support for the Opus audio codec.
HTML5: Added support for the source element media attribute.
HTML5: Added support for the audio element and video element played attribute.
Fixed several stability issues.
Fixed in SeaMonkey 2.12
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-69 Incorrect site SSL certificate data display
MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-64 Graphite 2 memory corruption
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
* Use Lightning 1.6 release
* Enigmail is not tested fully
Changelog: from http://www.seamonkey-project.org/releases/seamonkey2.11/
SeaMonkey-specific changes
A click-to-play option (off by default for now) has been implemented for plugins.
Mozilla platform changes
The Pointer Lock API has been implemented.
A new API to prevent your display from sleeping is available.
New text-transform and font-variant CSS improvements have been made for Turkic languages and Greek.
Fixed several stability issues.
Changelog: from http://www.seamonkey-project.org/releases/seamonkey2.10/
SeaMonkey-specific changes
The domain name is highlighted in the location bar by default now, configurable in Preferences.
The amount of tabs to be restored concurrently can be configured in Preferences now.
News username and password auth dialogs have been combined and show for which server the prompt is now.
Mozilla platform changes
The new minimum supported Windows version is now XP SP2, Windows 2000 support has been dropped.
The SPDY protocol now enabled by default for faster browsing on supported sites
The column-fill CSS property has been implemented.
Experimental support for ECMAScript 6 Map and Set objects has been implemented.
Support for the CSS3 background-position property extended syntax has been added.
The :invalid pseudo-class can now be applied to the <form> element.
The CSS turn <angle> unit is now supported.
Fixed several stability issues.
* Remove unused option.
* Restore jemalloc option.
Changelog:
* The File and Move Bookmarks dialogs are resizable now.
* HTML5 videos that do not start automatically show a large play button now.
* Add-ons Sync can now be configured without the Add-ons Sync Prefs add-on.
* Pasting a URL from the clipboard into the Download Manager window will
download it.
* Plugins can be disabled for the whole suite now in addition to
Mail & Newsgroups only.
* View Source now has line numbers.
* Line breaks are now supported in the title attribute.
* Find in Page search results are scrolled into view now.
* The column-fill CSS property has been implemented.
* Support for the text-align-last CSS property has been added.
* Experimental support for ECMAScript 6 Map and Set objects has been
implemented.
* Fixed several stability issues.
These patches enable optimizations that allow video play w/o stuttering.
Other i386 and x86_64 platforms need the same optimizations, so this is
only a partial fix of the PR.
Based on the mozilla-5.0 branch.
SeaMonkey 2.2 contains the following major changes relative to SeaMonkey 2.1:
Windows: Bundled extensions/add-ons are no longer optional in SeaMonkey's
installer.
Archive options can now be changed from the Copies & Folders Account Settings pane.
Mozilla platform changes
CSS Animations are now supported.
Improved canvas, JavaScript, memory, and networking performance.
Improved standards support for HTML5, XHR, MathML, SMIL, and canvas.
Improved spell checking for some locales.
WebGL content can no longer load cross-domain textures.
Background tabs have setTimeout and setInterval clamped to 1000ms to improve
performance.
MFSA 2011-10 CSRF risk with plugins and 307 redirects
MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents
MFSA 2011-07 Memory corruption during text run construction (Windows)
MFSA 2011-06 Use-after-free error using Web Workers
MFSA 2011-05 Buffer overflow in JavaScript atom map
MFSA 2011-04 Buffer overflow in JavaScript upvarMap
MFSA 2011-03 Use-after-free error in JSON.stringify
MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
MFSA 2010-84 XSS hazard in multiple character encodings
MFSA 2010-83 Location bar SSL spoofing using network error page
MFSA 2010-82 Incomplete fix for CVE-2010-0179
MFSA 2010-81 Integer overflow vulnerability in NewIdArray
MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta
refresh
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75 Buffer overflow while line breaking after document.write with
long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
Also:
Fixes for a number of non-security-relevant crashes, increasing the
stability of the whole platform and the Mail & Newsgroups part of SeaMonkey
* Message-ID searches on Google Groups work again
* Add-ons preferences button for Lightning should work now
* Security fixes:
MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
attribute
MFSA 2010-60 XSS using SJOW scripted function
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
MFSA 2010-33 User tracking across sites using Math.random()
MFSA 2010-32 Content-Disposition: attachment ignored
if Content-Type: multipart also present
MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
MFSA 2010-30 Integer Overflow in XSLT Node Sorting
MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
MFSA 2010-28 Freed object reuse across plugin instances
MFSA 2010-27 Use-after-free error in nsCycleCollector::MarkRoots()
MFSA 2010-26 Crashes with evidence of memory corruption
MFSA 2010-25 Re-use of freed object due to scope confusion
* Security fixes (MFSA 2010-16 through MFSA 2010-24)
* Fixes for a number of non-security-relevant crashes, increasing the
stability of the whole platform and the Mail & Newsgroups part of SeaMonkey
* ChatZilla localization packs work again (Bug 540842)
* FTP file upload was fixed (Bug 467524)
* The internal help content was updated some more
