96fab4a2b81189101231b12106823748c9a70a94: Bug 1419417 - Parse HTML to make sure that tags and attributes are properly closed. r=mkmelin,jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Mon, 21 May 2018 18:44:41 +0200 - rev 23964
Push 14450 by mozilla@jorgk.com at Mon, 21 May 2018 16:57:08 +0000
Bug 1419417 - Parse HTML to make sure that tags and attributes are properly closed. r=mkmelin,jorgk This fixes the efail <http://efail.de> security bug, which opens a HTML tag or attribute in an HTML MIME part, then puts in a PGP-encrypted part, and then another HTML part with the closing quote or tag. This could be e.g. <img src=' or <form><textarea>, CSS URL or similar features that send out the following text as URL and therefore leak it to the attacker who crafted the email. The PGP part will then be decrypted and leak. The bug was that we just passed HTML through verbatim. The frontend does not have any further precautions, either. The correct solution here is to jail each MIME part into a separate <iframe type="content"> in the UI. However, we don't want one scrollbar for each MIME part, but one scroll for the entire body. <iframe seamless> would allow that, but it was never implemented in Firefox and is now dead. We might later find a workaround, but this is more work and can't be done short term. The fix here in libmime first parses the HTML that we get in the HTML MIME part, and then immediately serialized it again. That ensures that the HTML document is complete, syntactically correct, and all tags and attributes are properly closed, before we start with the next MIME part.
148c2d27abc3daa72f3cb3c3e2f8404e2f018f48: Bug 1457713 - Port bug 1456035: Change XPCOMUtils.generateQI to ChromeUtils.generateQI in mailnews. r=aceman
Jorg K <jorgk@jorgk.com> - Mon, 21 May 2018 00:59:53 +0200 - rev 23963
Push 14449 by mozilla@jorgk.com at Sun, 20 May 2018 23:01:17 +0000
Bug 1457713 - Port bug 1456035: Change XPCOMUtils.generateQI to ChromeUtils.generateQI in mailnews. r=aceman
bf2c27b81cae41c86ad9a4b74e7e700f6c8beb7d: Bug 1457713 - Port bug 1456035: Change XPCOMUtils.generateQI to ChromeUtils.generateQI in chat. r=aceman
Jorg K <jorgk@jorgk.com> - Mon, 21 May 2018 00:59:52 +0200 - rev 23962
Push 14449 by mozilla@jorgk.com at Sun, 20 May 2018 23:01:17 +0000
Bug 1457713 - Port bug 1456035: Change XPCOMUtils.generateQI to ChromeUtils.generateQI in chat. r=aceman
f378ff5bbc894ff9863dec27d27f99947726f096: Bug 1457713 - Port bug 1456035: Change XPCOMUtils.generateQI to ChromeUtils.generateQI in mail. r=aceman
Jorg K <jorgk@jorgk.com> - Mon, 21 May 2018 00:59:51 +0200 - rev 23961
Push 14449 by mozilla@jorgk.com at Sun, 20 May 2018 23:01:17 +0000
Bug 1457713 - Port bug 1456035: Change XPCOMUtils.generateQI to ChromeUtils.generateQI in mail. r=aceman
1dd08f49b8dd52533738f6471621097c3638e5ab: Bug 1462481 - Follow-up: fix "Context-Type", fix typo in comment and remove comment referencing future code. r=me
Jorg K <jorgk@jorgk.com> - Mon, 21 May 2018 00:19:38 +0200 - rev 23960
Push 14448 by mozilla@jorgk.com at Sun, 20 May 2018 22:24:43 +0000
Bug 1462481 - Follow-up: fix "Context-Type", fix typo in comment and remove comment referencing future code. r=me
adea31ed8649a834f44365f405df3abe64537600: Bug 1462994 - Port bug 1461216 to C-C: Remove preference extensions.minCompatibleAppVersion. r=jorgk
Richard Marti <richard.marti@gmail.com> - Sun, 20 May 2018 19:51:08 +0200 - rev 23959
Push 14448 by mozilla@jorgk.com at Sun, 20 May 2018 22:24:43 +0000
Bug 1462994 - Port bug 1461216 to C-C: Remove preference extensions.minCompatibleAppVersion. r=jorgk
d25496f177d2d761a36add59e07e2526c4e742f9: Bug 1462971 - Add the |-moz-box-pack: end;| only to the #header-view-toolbar. r=jorgk
Richard Marti <richard.marti@gmail.com> - Sun, 20 May 2018 12:43:34 +0200 - rev 23958
Push 14448 by mozilla@jorgk.com at Sun, 20 May 2018 22:24:43 +0000
Bug 1462971 - Add the |-moz-box-pack: end;| only to the #header-view-toolbar. r=jorgk
9c9d0d5d6c8292e20b06cc895ed3b97eb55afe4f: Bug 1462481 - fix white-space issues in mimethsa.cpp. rs=white-space-only
Jorg K <jorgk@jorgk.com> - Sat, 19 May 2018 22:42:29 +0200 - rev 23957
Push 14447 by mozilla@jorgk.com at Sat, 19 May 2018 20:49:02 +0000
Bug 1462481 - fix white-space issues in mimethsa.cpp. rs=white-space-only [skip-blame]
36e3c7e4c9b9e0284268e3d6f5ca205e89f0091c: Bug 1462481 - clean up MIME's HTML sanitizer class. r=mkmelin,jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Thu, 17 May 2018 15:11:00 +0200 - rev 23956
Push 14447 by mozilla@jorgk.com at Sat, 19 May 2018 20:49:02 +0000
Bug 1462481 - clean up MIME's HTML sanitizer class. r=mkmelin,jorgk
a15a0e87508f534d79b93f3bcf78bb5a8c0c8f8a: Bug 1460721 - temporarily disable failing test test-font-chooser.js. rs=bustage-fix
Jorg K <jorgk@jorgk.com> - Sat, 19 May 2018 00:58:39 +0200 - rev 23955
Push 14446 by mozilla@jorgk.com at Fri, 18 May 2018 22:59:21 +0000
Bug 1460721 - temporarily disable failing test test-font-chooser.js. rs=bustage-fix
a9fc16e8d99b21aaf8078bc2e7b706439c2d4568: Bug 1460372 - Update .arcconfig to make history mutable. r=Fallen
Steven MacLeod <steven@smacleod.ca> - Wed, 09 May 2018 13:56:23 -0400 - rev 23954
Push 14445 by smacleod@mozilla.com at Fri, 18 May 2018 15:23:12 +0000
Bug 1460372 - Update .arcconfig to make history mutable. r=Fallen Reviewers: Fallen Reviewed By: Fallen Bug #: 1460372 Differential Revision: https://phabricator.services.mozilla.com/D1252
3e22d5df855ccef76aad32b1659a6beb069e47fe: Bug 1461026 - [macOS] Align font of folder pane to more macOS-like appearance. r=Paenglab
Nomis101 <Nomis101@web.de> - Wed, 16 May 2018 11:17:14 +0200 - rev 23953
Push 14444 by mozilla@jorgk.com at Thu, 17 May 2018 22:29:15 +0000
Bug 1461026 - [macOS] Align font of folder pane to more macOS-like appearance. r=Paenglab
4588a69b69625d0cce18b87bcf8e47210357a020: Port bug 1451050 - add to allowed-dupes.mn. rs=bustage-fix
Jorg K <jorgk@jorgk.com> - Thu, 17 May 2018 21:52:24 +0200 - rev 23952
Push 14443 by mozilla@jorgk.com at Thu, 17 May 2018 19:52:49 +0000
Port bug 1451050 - add to allowed-dupes.mn. rs=bustage-fix
dd8068d03aa09524b2c32bddea620ac3eb18ead1: Bug 1451847 - Part 4. Correct minor issues in SeaMonkey build files. r=me
Frank-Rainer Grahl <frgrahl@gmx.net> - Thu, 17 May 2018 21:06:24 +0200 - rev 23951
Push 14442 by frgrahl@gmx.net at Thu, 17 May 2018 19:07:22 +0000
Bug 1451847 - Part 4. Correct minor issues in SeaMonkey build files. r=me
ee1bc14d5000ad04ed8bc5c0983c0a31dc624ec1: Bug 1458700: [release-promotion] Add initial release-promotion configuration; r=me
Tom Prince <mozilla@hocat.ca> - Fri, 13 Apr 2018 16:33:36 -0600 - rev 23950
Push 14441 by mozilla@hocat.ca at Thu, 17 May 2018 16:14:37 +0000
Bug 1458700: [release-promotion] Add initial release-promotion configuration; r=me
cec714cd0bdf171d5bd18c706a2bef4d8b1117ac: Port bug 1451050 - fix paths of blocklists, pinning, add main. rs=bustage-fix
Jorg K <jorgk@jorgk.com> - Thu, 17 May 2018 13:09:44 +0200 - rev 23949
Push 14440 by mozilla@jorgk.com at Thu, 17 May 2018 11:10:27 +0000
Port bug 1451050 - fix paths of blocklists, pinning, add main. rs=bustage-fix
212529ee949c69d11864df8f3192ab16d935d91e: Bug 1462160 - Follow-up: Set extensions.systemAddon.update.enabled to true. r=me
Jorg K <jorgk@jorgk.com> - Thu, 17 May 2018 13:03:22 +0200 - rev 23948
Push 14439 by mozilla@jorgk.com at Thu, 17 May 2018 11:03:43 +0000
Bug 1462160 - Follow-up: Set extensions.systemAddon.update.enabled to true. r=me
6325c7433eb462fb35565f70921511a74abe8b06: Bug 1462160 - Add preference extensions.systemAddon.update.enabled needed in toolkit tests. rs=bustage-fix
Jorg K <jorgk@jorgk.com> - Thu, 17 May 2018 00:43:21 +0200 - rev 23947
Push 14438 by mozilla@jorgk.com at Wed, 16 May 2018 22:43:50 +0000
Bug 1462160 - Add preference extensions.systemAddon.update.enabled needed in toolkit tests. rs=bustage-fix
02f531f15649424d805cf4de3fa4a5ebfefab003: Bug 1459748 - Follow-up: add comm/rdf to TaskCluster configuration. r=me
Jorg K <jorgk@jorgk.com> - Wed, 16 May 2018 22:13:37 +0200 - rev 23946
Push 14437 by mozilla@jorgk.com at Wed, 16 May 2018 20:14:43 +0000
Bug 1459748 - Follow-up: add comm/rdf to TaskCluster configuration. r=me
3566433f12f13bdd3e3c8120c44e6ba2b6d50be4: Bug 1462004 - Port bug 1430023: Use hard-coded string instead of NS_APP_LOCALSTORE_50_FILE. rs=bustage-fix
Jorg K <jorgk@jorgk.com> - Wed, 16 May 2018 18:00:39 +0200 - rev 23945
Push 14436 by mozilla@jorgk.com at Wed, 16 May 2018 16:01:00 +0000
Bug 1462004 - Port bug 1430023: Use hard-coded string instead of NS_APP_LOCALSTORE_50_FILE. rs=bustage-fix
(0) -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 +300 +1000 tip