Closed Bug 283103 Opened 20 years ago Closed 20 years ago

security and download dialogs can be spoofed by covering them partially using popup windows

Categories

(SeaMonkey :: General, defect)

1.7 Branch
All
Windows XP
defect
Not set
major

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dveditz, Assigned: dveditz)

References

(Blocks 1 open bug)

Details

(Keywords: fixed1.7.6)

Attachments

(1 file)

This is the Suite version of "firespoofing" bug 260560.
When porting the fixes from bug 260560, watch out for regression 282872.
Flags: blocking1.7.6+
Flags: blocking1.8b2?
Ping. Time running out for 1.7.6, but we really need this fix. Dveditz, if you don't have time to do this work, feel free to assign to me.
This patch ports the fixes from Firefox bug 260560 (including regression fix bug 282872), plus the always-on status bar from bug 22183 that will prevent similar spoofing in any other dialogs we haven't explicitly fixed with this patch.
Attachment #176979 - Flags: superreview?(neil.parkwaycc.co.uk)
Attachment #176979 - Flags: review?(caillon)
Attachment #176979 - Flags: approval1.7.6?
Comment on attachment 176979: Port fix from 260560/282872 to the suite 1.7 branch
Looks good. r=me assuming you've tested it.
Attachment #176979 - Flags: review?(caillon) → review+
Comment on attachment 176979: Port fix from 260560/282872 to the suite 1.7 branch
>+ var script = "document.documentElement.getButton('accept').disabled = false; ";
>+ script += "document.documentElement.getButton('extra1').disabled = false; ";
>+ script += "document.documentElement.getButton('extra2').disabled = false;";
>+ setTimeout(script, 250);
This sure looks ugly, but it'll do for the branch.
>+ this._timer.initWithCallback(this, 250, nsITimer.TYPE_ONE_SHOT);
You've got a leak here; the timer holds a reference to this and this holds a reference to the timer. You'll need to null out your _timer reference in notify(). (In theory you could replace _delayExpired with !_timer). sr=me for the branch with this fixed.
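Review bot: the quoted setTimeout(script, 250) call is handed a string, so the three button-enabling statements are evaluated as script when the delay expires, and an exception on the 'accept' line would leave 'extra1' and 'extra2' disabled. Passing a function that sets .disabled = false on the three buttons avoids the string evaluation and makes it possible to handle each button separately.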
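Review bot: the 250 passed to initWithCallback() in the quoted timer line is the same bare literal as in setTimeout(script, 250), with nothing tying the two together. A single named constant for the enable delay, with a comment saying it is the anti-spoofing delay, would keep both code paths in step if the value is tuned later.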
Attachment #176979 - Flags: superreview?(neil.parkwaycc.co.uk) → superreview+
Comment on attachment 176979: Port fix from 260560/282872 to the suite 1.7 branch
a=caillon for 1.7.6 with Neil's changes.
Attachment #176979 - Flags: approval1.7.6? → approval1.7.6+
Fix checked in to trunk and 1.7 branch
Status: NEW → RESOLVED
Closed: 20 years ago
Keywords: fixed1.7.6
Resolution: --- → FIXED
Depends on: 295447
Bug 295447 explains why this is still a problem on GTK2 build.