path: root/www/mozilla/files/patch-250862
authorJoe Marcus Clarke <marcus@FreeBSD.org>2004-09-28 03:18:41 +0000
committerJoe Marcus Clarke <marcus@FreeBSD.org>2004-09-28 03:18:41 +0000
commita26627391935351565007904d14534e7b7bc3bd2 (patch)
tree56a86b9eea355e4eda917a2cf045c0cc1f969542 /www/mozilla/files/patch-250862
parents/BROKEN/IGNORE/ since the package builds but is "too unstable" on 5.x (diff)
Patch the various recently reported security vulnerabilities in Mozilla.
This is being done instead of the update to 1.7.3 since the update breaks all dependent ports, and that many changes is not a good thing to do during a freeze. This update covers the following Mozilla bugs: 245066 226669 250862 255067 256316 257317 258005 Thanks to nectar for scraping all of these patches together. Obtained from: Mozilla CVS Approved by: portmgr (implicit)
Notes
Notes: svn path=/head/; revision=118474
Diffstat (limited to 'www/mozilla/files/patch-250862')
-rw-r--r--www/mozilla/files/patch-25086222
1 files changed, 22 insertions, 0 deletions
diff --git a/www/mozilla/files/patch-250862 b/www/mozilla/files/patch-250862
new file mode 100644
index 000000000000..05423dc84195
--- /dev/null
+++ b/www/mozilla/files/patch-250862
@@ -0,0 +1,22 @@
+Index: mozilla/xpfe/communicator/resources/content/contentAreaDD.js
+===================================================================
+RCS file: /cvsroot/mozilla/xpfe/communicator/resources/content/contentAreaDD.js,v
+retrieving revision 1.32
+retrieving revision 1.32.88.1
+diff -u -r1.32 -r1.32.88.1
+--- xpfe/communicator/resources/content/contentAreaDD.js 10 Jul 2002 01:23:50 -0000 1.32
++++ xpfe/communicator/resources/content/contentAreaDD.js 27 Aug 2004 01:13:39 -0000 1.32.88.1
+@@ -53,8 +53,11 @@
+ {
+ var url = transferUtils.retrieveURLFromData(aXferData.data, aXferData.flavour.contentType);
+
+- // valid urls don't contain spaces ' '; if we have a space it isn't a valid url so bail out
+- if (!url || !url.length || url.indexOf(" ", 0) != -1)
++ // valid urls don't contain spaces ' '; if we have a space it
++ // isn't a valid url, or if it's a javascript: or data: url,
++ // bail out
++ if (!url || !url.length || url.indexOf(" ", 0) != -1 ||
++ /^\s*(javascript|data):/.test(url))
+ return;
+
+ switch (document.firstChild.getAttribute('windowtype')) {
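Review bot: The added scheme test `/^\s*(javascript|data):/.test(url)` is case-sensitive, but URI schemes are compared case-insensitively, so a dropped URL whose scheme is written in upper or mixed case would not match and would fall through to the `switch` below. Unless `retrieveURLFromData` already lower-cases the scheme (not visible in this hunk), the test should carry the `i` flag: `/^\s*(javascript|data):/i.test(url))`. The check is also a denylist of two schemes; an allowlist of the schemes a drop may load, or a call to the browser's own load-URI security check, would fail closed for schemes nobody thought of here. The enclosing drop handler starts before and continues after this hunk, so how `url` is used further down cannot be confirmed from here.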