The new JS1.8.5 hooking method appear more stable than the old ways, but
they're not perfect...

Also fix a bug referencing an old component name. It seems to work now.

This will make YouTube work for FF4 users if they opt-in to the HTML5 trial.
We're not going to set the opt-in cookie for them just yet, on the assumption
that there's a good chance the trial mode will become automatic soon.

The changes reflect the planned move away from the Toggle Model in favor of
Tor Browser Bundle.

In the TBB use case, state separation is slightly more important than network
isolation.

Reorganize issues by their vulnerability type.

Also fix a couple typos found by arma.

I probably should have broken these into separate commits. Too late now.

We do this by toggling the pref.

We don't have Bugzilla entries for this yet, but it should be listed.

FF2.0 is no longer supported, and this cuts a lot of exception noise out of
the javascript debugger.

This is the new official way of clearing SSL Session IDs and other TLS state.

Fixing these will be too problematic for 1.4.x. We'll block on this bug
forever otherwise. We throw an unknown protocol exception if this pref is set
to prevent fingerprinting with this technique:
http://pseudo-flaw.net/tor/torbutton/scan-protocol-handlers.html

Might end up useful in the future though.

This may not be the final form we want for it to take, see FIXME in the
comments.

Also fix a potential issue with unescaped .'s in regex match strings. I'm
really not sure we can call this ref spoofing protection a real security
feature, though, so it's not like this matters a whole bunch. But might as
well fix it, too.

Allow content sourcing of resource urls with a host of 'gre'.

The javascript hooks work again, and we've removed a nasty popup exception on
FF4.0b11 too.