← Back to branch summary

~ubuntu-branches/ubuntu/lucid/seamonkey/lucid-security

« back to all changes in this revision

Viewing changes to mailnews/base/resources/content/msgHdrViewOverlay.js

  • Committer: Bazaar Package Importer
  • Author(s): Alexander Sack
  • Date: 2008-11-26 14:54:21 UTC
  • mfrom: (1.1.6 upstream)
  • Revision ID: james.westby@ubuntu.com-20081126145421-qpjfr14j0sulg9le
Tags: 1.1.13+nobinonly-0ubuntu1
https://launchpad.net/bugs/297789
* New security upstream release: 1.1.13 (LP: #297789)
  - CVE-2008-4582: Information stealing via local shortcut files
  - CVE-2008-5012: Image stealing via canvas and HTTP redirect
  - CVE-2008-5013: Arbitrary code execution via Flash Player dynamic module unloading
  - CVE-2008-5014: Crash and remote code execution via __proto__ tampering
  - CVE-2008-5017: Browser engine crash - Firefox 2 and 3
  - CVE-2008-5018: JavaScript engine crashes - Firefox 2 and 3
  - CVE-2008-5019: XSS and JavaScript privilege escalation via session restore
  - CVE-2008-0017: Buffer overflow in http-index-format parser
  - CVE-2008-5021: Crash and remote code execution in nsFrameManager
  - CVE-2008-5022: nsXMLHttpRequest::NotifyEventListeners() same-origin violation
  - CVE-2008-5023: -moz-binding property bypasses security checks on codebase principals
  - CVE-2008-5024: Parsing error in E4X default namespace
  - CVE-NOTASSIGN (MFSA2008-59): Script access to .documentURI and .textContent in mail

* re-run autoconf2.13 to update configure patch to changed upstream codebase
  - update debian/patches/99_configure.patch

Show diffs side-by-side

added added

removed removed

Lines of Context:
mailnews/base/resources/content/msgHdrViewOverlay.js
1045
1045
function CanDetachAttachments()
1046
1046
{
1047
1047
  var uri = GetLoadedMessage();
1048
 
  return !IsNewsMessage(uri) && (!IsImapMessage(uri) || CheckOnline());
 
1048
  var canDetach = !IsNewsMessage(uri) && (!IsImapMessage(uri) || CheckOnline());
 
1049
  if (canDetach && ("content-type" in currentHeaderData))
 
1050
    canDetach = !ContentTypeIsSMIME(currentHeaderData["content-type"].headerValue);
 
1051
  return canDetach;
 
1052
}
 
1053
 
 
1054
/** Return true if the content type is an S/MIME one. */
 
1055
function ContentTypeIsSMIME(contentType)
 
1056
{
 
1057
  // S/MIME is application/pkcs7-mime and application/pkcs7-signature
 
1058
  // - also match application/x-pkcs7-mime and application/x-pkcs7-signature.
 
1059
  return /application\/(x-)?pkcs7-(mime|signature)/.test(contentType);
1049
1060
}
1050
1061
 
1051
1062
function onShowAttachmentContextMenu()
1058
1069
  var saveMenu = document.getElementById('context-saveAttachment');
1059
1070
  var detachMenu = document.getElementById('context-detachAttachment');
1060
1071
  var deleteMenu = document.getElementById('context-deleteAttachment');
 
1072
  var saveAllMenu = document.getElementById('context-saveAllAttachments');
1061
1073
  var detachAllMenu = document.getElementById('context-detachAllAttachments');
1062
1074
  var deleteAllMenu = document.getElementById('context-deleteAllAttachments');
 
1075
 
1063
1076
  var canDetach = CanDetachAttachments();
1064
 
  var canOpen = false;
1065
 
  for (var i = 0; i < selectedAttachments.length && !canOpen; i++)
1066
 
    canOpen = selectedAttachments[i].attachment.contentType != 'text/x-moz-deleted';
1067
 
  if (canOpen && selectedAttachments.length == 1)
 
1077
  var deletedAmongSelected = false;
 
1078
  var detachedAmongSelected = false;
 
1079
  var anyDeleted = false; // at least one deleted attachment in the list
 
1080
  var anyDetached = false; // at least one detached attachment in the list
 
1081
 
 
1082
  // Check if one or more of the selected attachments are deleted.
 
1083
  for (var i = 0; i < selectedAttachments.length && !deletedAmongSelected; i++)
 
1084
    deletedAmongSelected =
 
1085
      (selectedAttachments[i].attachment.contentType == 'text/x-moz-deleted');
 
1086
 
 
1087
  // Check if one or more of the selected attachments are detached.
 
1088
  for (var i = 0; i < selectedAttachments.length && !detachedAmongSelected; i++)
 
1089
    detachedAmongSelected = selectedAttachments[i].attachment.isExternalAttachment;
 
1090
 
 
1091
  // Check if any attachments are deleted.
 
1092
  for (var i = 0; i < currentAttachments.length && !anyDeleted; i++)
 
1093
    anyDeleted = (currentAttachments[i].contentType == 'text/x-moz-deleted');
 
1094
 
 
1095
  // Check if any attachments are detached.
 
1096
  for (var i = 0; i < currentAttachments.length && !anyDetached; i++)
 
1097
    anyDetached = currentAttachments[i].isExternalAttachment;
 
1098
 
 
1099
  if (!deletedAmongSelected && selectedAttachments.length == 1)
1068
1100
  {
1069
1101
    openMenu.removeAttribute('disabled');
1070
1102
    viewMenu.removeAttribute('disabled');
1074
1106
    openMenu.setAttribute('disabled', true);
1075
1107
    viewMenu.setAttribute('disabled', true);
1076
1108
  }
1077
 
  if (canOpen)
1078
 
  {
1079
 
    saveMenu.removeAttribute('disabled');
1080
 
  }
1081
 
  else
1082
 
  {
1083
 
    saveMenu.setAttribute('disabled', true);
1084
 
  }
1085
 
  if (canDetach && canOpen)
1086
 
  {
1087
 
    detachMenu.removeAttribute('disabled');
1088
 
    deleteMenu.removeAttribute('disabled');
1089
 
  }
1090
 
  else
1091
 
  {
1092
 
    detachMenu.setAttribute('disabled', 'true');
1093
 
    deleteMenu.setAttribute('disabled', 'true');
1094
 
  }
1095
 
  if (canDetach)
1096
 
  {
1097
 
    detachAllMenu.removeAttribute('disabled');
1098
 
    deleteAllMenu.removeAttribute('disabled');
1099
 
  }
1100
 
  else
1101
 
  {
1102
 
    detachAllMenu.setAttribute('disabled', 'true');
1103
 
    deleteAllMenu.setAttribute('disabled', 'true');
1104
 
  }
 
1109
 
 
1110
  saveMenu.setAttribute('disabled', deletedAmongSelected);
 
1111
  detachMenu.setAttribute('disabled', !canDetach || deletedAmongSelected
 
1112
                                      || detachedAmongSelected);
 
1113
  deleteMenu.setAttribute('disabled', !canDetach || deletedAmongSelected
 
1114
                                      || detachedAmongSelected);
 
1115
  saveAllMenu.setAttribute('disabled', anyDeleted);
 
1116
  detachAllMenu.setAttribute('disabled', !canDetach || anyDeleted || anyDetached);
 
1117
  deleteAllMenu.setAttribute('disabled', !canDetach || anyDeleted || anyDetached);
1105
1118
}
1106
1119
 
1107
1120
// this is our onclick handler for the attachment list. 
1216
1229
  // First clear out the old view...
1217
1230
  ClearAttachmentMenu(popup);
1218
1231
 
 
1232
  var canDetachOrDeleteAll = CanDetachAttachments();
 
1233
 
1219
1234
  for (index in currentAttachments)
1220
1235
  {
1221
1236
    ++attachmentIndex;
1222
1237
    addAttachmentToPopup(popup, currentAttachments[index], attachmentIndex);
 
1238
    if (canDetachOrDeleteAll &&
 
1239
        (currentAttachments[index].isExternalAttachment ||
 
1240
        currentAttachments[index].contentType == 'text/x-moz-deleted'))
 
1241
      canDetachOrDeleteAll = false;
1223
1242
  }
1224
1243
 
1225
1244
  gBuildAttachmentPopupForCurrentMsg = false;
1226
1245
 
1227
1246
  var detachAllMenu = document.getElementById('file-detachAllAttachments');
1228
1247
  var deleteAllMenu = document.getElementById('file-deleteAllAttachments');
1229
 
  if (CanDetachAttachments())
1230
 
  {
1231
 
    detachAllMenu.removeAttribute('disabled');
1232
 
    deleteAllMenu.removeAttribute('disabled');
1233
 
  }
1234
 
  else
1235
 
  {
1236
 
    detachAllMenu.setAttribute('disabled', 'true');
1237
 
    deleteAllMenu.setAttribute('disabled', 'true');
1238
 
  }
 
1248
 
 
1249
  detachAllMenu.setAttribute('disabled', !canDetachOrDeleteAll);
 
1250
  deleteAllMenu.setAttribute('disabled', !canDetachOrDeleteAll);
1239
1251
}
1240
1252
 
1241
1253
// Public method used to clear the file attachment menu
1291
1303
 
1292
1304
function FillAttachmentItemPopup(event)
1293
1305
{
1294
 
  var canDetach = CanDetachAttachments();
1295
1306
  var openpopup = event.target;
 
1307
  var canDetach = CanDetachAttachments() && !openpopup.attachment.isExternalAttachment;
1296
1308
  openpopup.removeEventListener('popupshowing', FillAttachmentItemPopup, false);
1297
1309
 
1298
1310
  var menuitementry = document.getElementById("context-openAttachment").cloneNode(false);