Rough Changelog for SeaMonkey 1.1.10

This is a list of bugs pulled from Bugzilla. It's a "rough" list because I didn't verify each bug on the list as actually having been fixed in the 1.1.10 development cycle and I may have missed some that were; I just used the smartest Bugzilla queries I could devise. It's not perfect but if you're interested in what got fixed since SeaMonkey 1.1.9 this is probably the best place to start. -Robert

421689 Mozilla won't build with XCode 3.1
432311 branch landing of bug#351476 (conversion of line endings in browser/EULA)
414982 Use gcZeal setting in nsJSEnvironment, as we once did with WAY_TOO_MUCH_GC
417994 navigator object does not fully reflect user agent settings
424188 [FIX]Possible to exploit relative xul:script URIs in signed jars
423541 Arbitrary file upload via originalTarget and DOM Range
416751 rich text editor no longer in designmode when navigating back
411433 file location URL in directory listing should be HTML escaped
286661 can't install extensions over ssl, fails with message "Download error"
397093 Faulty .properties file results in uninitialized memory being used
428606 New version of JEP (, please land on trunk and branch
305073 FIREFOX caused an invalid page fault [@ MSVCRT.DLL + 0xd16a]
308429 make tooMuchGC dynamic (runtime gczeal option)
356378 "invalid getter usage" or assertion failure with "var x; x getter= function () { };"
371292 Crash [@ js_AtomToPrintableString]
380833 Crash during GC after uneval (involves E4X, mysterious sharp variable)
401188 Thread-unsafe updates to sub-atomic rt->gc{Poke,Zeal}
418128 Yet another GC hazard with ++/-- in js_Interpret
423042 js.c Print should flush
425576 Crash on login to Excite Japan Blog ( after updating to Firefox [@ js_MarkGCThing]
425594 new branch top crash [@ js_GC] maybe also crash [@ js_MarkGCThing][@js_GetGCThingFlags]
426628 Land dynamic gczeal on 1.8 branch
427185 JS Assertion from hell with gczeal 2
428669 Crash testcase for bug 425576
431489 js_DecompileCode should not print if Decompile failed
334514 FrameArena::~FrameArena should assert that it's empty
439735 exploitable crash at nsBlockFrame::DrainOverflowLines
421715 canvas.2dcontext.putImageData(array[undefined]) causes a crash [@ JS_GetProperty]
347367 crash when print preview is opened on a certain file styled with meda=print [@ BasicTableLayoutStrategy::CalcPctAdjTableWidth]
378027 Printing crash [@ nsCellMap::GetCellInfoAt] Exception: EXC_BAD_INSTRUCTION (0x0002)
424291 Crash [@ nsCellMap::SetNextSibling] while trying to print
430814 Crash [@ nsStyleContext::GetStyleDisplay] while trying to print
90584 charset=... must be applied to non-MIME Subject:/From:/To:/etc. fields
236389 Don't set type/creator codes for any saved/downloaded files
417957 Setting mail.auth_login and mail.server.default.auth_login to false breaks IMAP after restart
422118 Crash reading malformed zip [@nsZipArchive::BuildFileList]
408329 Mac OS X Java Plugin (JEP) - LiveConnect can still use document.domain bypass to create arbitrary socket connections
418645 Visible Region Notify message does not work when scrolling client window
436575 Moz apps experience unkillable hangs after installing Mac OS X 10.5.3 (loading VerifiedDownloadPlugin.plugin)
418356 [FIX]It's unsafe to use mozIJSSubScriptLoader.loadSubScript() with non-chrome urls or chrome urls whose scheme/host part contain uppercase characters
419846 Non-chrome XUL documents can load chrome scripts from the fastload file
428672 XSS using an event handler attached to the outer window
432591 Fix for bug 428672 can be circumvented by using XUL element
433328 XSS using <script> element in unloaded document
439035 Same-origin check in nsXMLHttpRequest::OnChannelRedirect() can be circumvented
440308 XSS by using XMLHttpRequest and onreadystatechange handler
413161 nsIPrincipal needs a stricter origin
240261 [1.8 branch] peer-trusted certs can use alt names to spoof
431819 IMAP/POP/SMTP/LDAP with SSL client auth, Thunderbird repeatedly prompts for client certificate
421622 XMLHttpRequest from chrome content clears Referer header
391178 Crash [@ nsCSSFrameConstructor::FindFrameWithContent] with XUL trees, position:fixed
419350 [ia64] build failure using gcc 4.3
390788 Accessing innerWidth of a tabbrowser contentWindow throws NS_ERROR_XPC_SECURITY_MANAGER_VETO
323508 Favicon (error icon) in Bookmark not updated
423182 changes the default MOZ_ZIP_FORMAT from .tar.gz to .zip
438941 Update SeaMonkey version number on GECKO181_20080612_RELBRANCH
431184 Composer badly handles XHTML documents
436670 default color constants should be vars in EdColorProps.js
390295 Searchplugin with digit in url cuts off url
416282 Seamonkey/xpfe needs patch for bug 376473
403059 Dropdown list for "File Selected Message" is double spaced; arrows are missing.
429731 Changing new tab preference to home page in new profile results in chrome://navigator-region/locale/
427216 Make tools menu popup match other applications
282660 Crash [@ jsds_NotifyPendingDeadScripts] ds->script is null