From 9117080c8cad1c52d48353ffa32ca6aef1e4d28a Mon Sep 17 00:00:00 2001 From: Joe Marcus Clarke Date: Tue, 28 Sep 2004 03:24:41 +0000 Subject: Patch the various recently reported security vulnerabilities in Mozilla. This is being done instead of the update to 1.0 PR 1 since we're in a ports freeze, and too many big changes is not a good idea. This update covers the following Mozilla bugs: 250862 255067 256316 Thanks to nectar for scraping all of these patches together. Obtained from: Mozilla CVS Approved by: portmgr (implicit)
---
www/firefox/files/patch-250862 | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 www/firefox/files/patch-250862 (limited to 'www/firefox/files/patch-250862')
diff --git a/www/firefox/files/patch-250862 b/www/firefox/files/patch-250862
new file mode 100644
index 000000000000..05423dc84195
--- /dev/null
+++ b/www/firefox/files/patch-250862
@@ -0,0 +1,22 @@
+Index: mozilla/xpfe/communicator/resources/content/contentAreaDD.js
+===================================================================
+RCS file: /cvsroot/mozilla/xpfe/communicator/resources/content/contentAreaDD.js,v
+retrieving revision 1.32
+retrieving revision 1.32.88.1
+diff -u -r1.32 -r1.32.88.1
+--- xpfe/communicator/resources/content/contentAreaDD.js 10 Jul 2002 01:23:50 -0000 1.32
++++ xpfe/communicator/resources/content/contentAreaDD.js 27 Aug 2004 01:13:39 -0000 1.32.88.1
+@@ -53,8 +53,11 @@
+ {
+ var url = transferUtils.retrieveURLFromData(aXferData.data, aXferData.flavour.contentType);
+
+- // valid urls don't contain spaces ' '; if we have a space it isn't a valid url so bail out
+- if (!url || !url.length || url.indexOf(" ", 0) != -1)
++ // valid urls don't contain spaces ' '; if we have a space it
++ // isn't a valid url, or if it's a javascript: or data: url,
++ // bail out
++ if (!url || !url.length || url.indexOf(" ", 0) != -1 ||
++ /^\s*(javascript|data):/.test(url))
+ return;
+
+ switch (document.firstChild.getAttribute('windowtype')) {
-- cgit v1.2.3
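Review bot: The scheme test added in the inner hunk, `/^\s*(javascript|data):/.test(url)`, is case-sensitive, while URL schemes are compared case-insensitively when a URL is loaded. A dropped URL whose scheme is written in mixed or upper case would therefore pass this guard, unless `transferUtils.retrieveURLFromData` already normalises the scheme, which is not visible here. Adding the `i` flag, `/^\s*(javascript|data):/i.test(url)`, closes that gap. A denylist of two schemes is also fragile, so an allowlist of the schemes the drop handler is meant to load would be the more robust check. The enclosing drop handler starts and ends outside the hunk.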