Mozilla 1.7.3 is a security update to Mozilla 1.7 that fixes a several
security vulnerabilities.
#93 "Send page" heap overrun (258005)
#92 javascript clipboard access (257523)
#91 Privilege request confusion (253942)
#90 Buffer overflow when displaying VCard (257314)
#89 BMP integer overflow (255067)
#88 javascript: link dragging (250862)
#87 non-ascii hostname heap overrun (256316)
#86 Malicious POP3 server III (245066, 226669)
#85 Wrong file permissions after installing on Linux (231083, 235781)
#84 Wrong file permissions in linux archive (254303)
See the page bellow for detail
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- lock icon and certificate spoof with onunload document.write
(Bugzilla#253121)
- Malicious certificates can permanently break HTTPS/SSL (Bugzilla#249004)
Support for Solaris x86 is not available due to lack of a precompiled
binary at this point of time.
The full list of changes can be found at:
http://www.mozilla.org/releases/mozilla1.7/README.html
Major browser changes since 1.6:
* A new option to prevent sites from using JavaScript to block the
browser's context menu.
* A new set of icons for files that are associated with Mozilla on
Windows.
* Password Manager has a "show passwords" mode which will display
saved passwords. You will need to enter your master password if
you are using one.
* The "Set As Wallpaper" feature now has a confirmation dialog.
* Linux GTK2 builds have improved support for OS themes.
* Cookie dialogs have been reworked to make them more usable.
* Date handling, especially on OS X, has been improved.
* It is now possible to fine-tune Mozilla's pop-up blocking using
two preferences (dom.popup_maximum and dom.popup_allowed_events)
but there's no UI for that yet. Even without a UI, users should
notice a greater variety of pop-ups blocked (primarily mouseover
pop-ups) and a limit of 20 or so open at one time - regardless of
whether pop-up blocking is active. This will provide some protection
from sites that open hundreds of windows in a loop.
* Downloaded files are now moved to the target directory as soon
as the user selects the desired location. This was the frequently
reported bug 55690.
* There is now user interface to activate Smooth Scrolling (Preferences
-> Appearance).
* Mozilla now supports basic FTP upload.
changes since 1.5:
* One of the most requested Mozilla Mail features, an option to
separate the Recipient and Sender columns in the thread pane, has been
implemented.
* Another frequently requested MailNews feature, a preference for
placing the user's signature above the quoted text, has been added.
* "Remove from server after x days" has been implemented for POP3 mail
accounts.
* vCard support has been added to Mozilla Mail.
* Mozilla 1.6 includes a new cross-platform NTLM authentication
mechanism. This feature brings NTLM authentication to the non-Windows
Mozilla users for the first time and also delivers more robust and
featureful NTLM support to users of older Windows versions.
* Ask Jeeves searching has been added to Mozilla 1.6.
* "Translate Page" functionality has returned to this release of Mozilla.
* The View Source window now has reload functionality.
* Several security-related bugs were fixed in 1.6
* Chatzilla 0.9.48 has been merged, which adds RPL_ISUPPORT support,
halfop mode support, and properly masks key and password dialogs.
* Many crash bugs have been fixed.
* One step closer to the kitchen sink, about:about has been
implemented. Typing about:about in the address field will give the
user a nice list of available about:s.
* The opacity implementation was completely revamped to properly
change the opacity of all descendants as a group.
* CSS inheritance has been updated to work per CSS2.1 (computed values
are inherited).
mozilla-bin/Makefile.common and mozilla-bin-nightly/Makefile.common.
the result is much less duplication and more consistent installations.
tested on NetBSD-current only (for now).
New Features and Fixes
* Mozilla now includes a spellchecker for MailNews and Composer.
* Additional MailNews improvements include:
o Users can add header lines to *every* message sent out via a
certain identity.
o A common application hang with SSL-encrypted SMTP
connections has been fixed.
o Printing of the attachments list is now supported.
o Users can now mark message as read by date.
* Many great improvements to Mozilla Composer including:
o Better resizing for images, tables, and absolutely
positioned objects.
o Support for absolutely positioned objects, movable on the
canvas using the mouse.
o Support for z-index management.
o "Snap to grid" when moving an absolutely positioned object.
o Source View now uses an editor instead of a simple textarea
(allows find and replace).
o Numerous fixes in caret management, inline styles handling,
and CSS styles handling.
* Improvements to tabbed browsing, including:
o Tabs are now replaced when a bookmark group is loaded. This
can be changed to the old "append" behavior in the Tabbed
browsing preferences.
o Back and Forward navigation for tabbed browsing and bookmark
groups has been improved. Users can now use the back button
after loading a bookmark group to restore the previous set of tabs.
o Closing a window with multiple tabs now prompts the user
with a confirmation dialog (which can be disabled for future
close operations).
* ChatZilla, Mozilla's internet relay chat (IRC) client, has had a
major overhaul bringing logging and many additional improvements.
* DOM Inspector can now display the #document node (the document root).
* It is now possible to jump from the JavaScript console to the
relevant line in the View Source Window.
* Mozilla's view source now displays line and column numbers in the
status bar.
* A quicksearch filter has been implemented for about:config.
* Gecko now supports setting color for <HR>.
* The '::' notation for CSS pseudo-elements is now supported. The old
':' notation is still supported only for pseudo-elements in CSS2
(:first-line, :first-letter, :before, :after) and the various
:-moz-tree-* pseudo-elements.
* Unstyled XML display has been improved.
* Some Windows GDI problems in Mozilla have been resolved.
* A common problem collapsing the URL bar popup on Windows has been fixed.
* Mozilla has improved performance, stability, standards support and
Web compatibility.
New Features and Fixes
- Mozilla's bookmarks have been overhauled. Bookmarks now include a
root level folder, the ability to have two differently named bookmarks
pointing at the same location, site icons in the Bookmark Manager and
Bookmarks Sidebar, and separators now have support for labels.
- Composer now supports click and drag dynamic image and table
resizing. If an image is selected or if the caret is placed inside a
table, eight resizing handles appear and allow to resize the
image/table with a simple click/drag/release. In the case of an image,
the resizing is done real-time and a semi-opaque shadow of the image
at its target size is shown during resizing. A tooltip shows in
real-time the target size in pixels, and the relative change in pixels
too.
- Mail now has junk-mail context menu items, a "delete junk mail" menu
item and many other usability improvements for junk-mail controls.
- Pop-up blocking has been streamlined to improve usability.
- Users can now specify "blank page," "home page," or "Last page
visited" for each of first window, new window and new tab.
- Users can now specify default font, size and color for HTML mail compose.
- Image blocking/disabling is now more flexible and users can "view
image" to see blocked or not loaded images.
- Proxy auto-config (PAC) failover has been implemented
- Mozilla 1.4 contains thousands of additional bugfixes, including
changes to improve performance, stability, web site compatability,
standards support, and usability.
Note that this package is not available for Solaris 7, as the
there is not yet any build for Solaris < 8.
