Patch-ID# 117765-05


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security mozilla crashs iframe default application not in the "save as"
Synopsis: Mozilla 1.4: Base Libraries patch
Date: Jul/05/2005


Install Requirements: NA

Solaris Release: 8

SunOS Release: 5.8

Unbundled Product: Mozilla

Unbundled Release: 1.4

Xref: This patch available for x86 as 117766

Topic:

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
504000515209128
505384915213004
509052815223985
509052915223986
509053015223987
509058315224003
509101415224158
509110915224161
509111515224163
509111615224164
509112015224166
509112315224168
509114615224176
510155115227310
510858315229659
510858615229661
510858715229662
510858815229663
510859015229664
510859115229665
617744215231523
618915515234716
621235415242452


Changes incorporated in this version: 5101551

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/sfw/lib/mozilla/chrome/comm.jar
/usr/sfw/lib/mozilla/chrome/toolkit.jar
/usr/sfw/lib/mozilla/components/browser.xpt
/usr/sfw/lib/mozilla/components/libaccessibility.so
/usr/sfw/lib/mozilla/components/libcaps.so
/usr/sfw/lib/mozilla/components/libchrome.so
/usr/sfw/lib/mozilla/components/libcomposer.so
/usr/sfw/lib/mozilla/components/libdocshell.so
/usr/sfw/lib/mozilla/components/libeditor.so
/usr/sfw/lib/mozilla/components/libembedcomponents.so
/usr/sfw/lib/mozilla/components/libgfxps.so
/usr/sfw/lib/mozilla/components/libgklayout.so
/usr/sfw/lib/mozilla/components/libgkplugin.so
/usr/sfw/lib/mozilla/components/libimglib2.so
/usr/sfw/lib/mozilla/components/libimpComm4xMail.so
/usr/sfw/lib/mozilla/components/libinspector.so
/usr/sfw/lib/mozilla/components/libjsdom.so
/usr/sfw/lib/mozilla/components/liblocalmail.so
/usr/sfw/lib/mozilla/components/libmime.so
/usr/sfw/lib/mozilla/components/libmimeemitter.so
/usr/sfw/lib/mozilla/components/libmsgcompose.so
/usr/sfw/lib/mozilla/components/libnecko.so
/usr/sfw/lib/mozilla/components/libnsappshell.so
/usr/sfw/lib/mozilla/components/libpipboot.so
/usr/sfw/lib/mozilla/components/libpipnss.so
/usr/sfw/lib/mozilla/components/libpref.so
/usr/sfw/lib/mozilla/components/libtransformiix.so
/usr/sfw/lib/mozilla/components/libtypeaheadfind.so
/usr/sfw/lib/mozilla/components/libvcard.so
/usr/sfw/lib/mozilla/components/libwallet.so
/usr/sfw/lib/mozilla/components/libwidget_gtk2.so
/usr/sfw/lib/mozilla/components/libxmlextras.so
/usr/sfw/lib/mozilla/components/libxpconnect.so
/usr/sfw/lib/mozilla/components/libxpinstall.so
/usr/sfw/lib/mozilla/defaults/pref/all.js
/usr/sfw/lib/mozilla/libmsgbaseutil.so
/usr/sfw/lib/mozilla/libnspr4.so
/usr/sfw/lib/mozilla/libnss3.so
/usr/sfw/lib/mozilla/libplc4.so
/usr/sfw/lib/mozilla/libplds4.so
/usr/sfw/lib/mozilla/libsmime3.so
/usr/sfw/lib/mozilla/libssl3.so
/usr/sfw/lib/mozilla/libxpcom.so
/usr/sfw/lib/mozilla/mozilla-bin
/usr/sfw/lib/mozilla/xpicleanup
/usr/sfw/lib/mozilla/libjsj.so

Problem Description:

5101551 Sun Mozilla: request for functionality: to view or save files with .eml
 
(from 117765-04)
6212354 Mozilla 1.4 sometimes does not display pulldown menus after installing patch 117767-03
 
(from 117765-03)
6177442 Mozilla 1.4 grows very large with javascript and java applet that rewrites page
6189155 javascript to java string uses up java_vm memory (eventually OutOfMemoryError)
 
(from 117765-02)
5090528 Netscape SOAPParameter Constructor Integer Overflow Vulnerability
5090529 new libpng buffer overflow vulnerabilities
5090530 a flaw in the POP3 capability
5090583 Importing false CA certificate leading to error -8182 (perm DoS)
5091014 null () in filename fakes extension (ftp)
5091109 can spoof framed sites by changing frame contents
5091115 SSL Certificate Spoof -- Allows malicious page to present SSL certificate
5091116 pop up XPInstall/security dialog when user is about to click
5091120 lock icon and certificates spoofable with onunload document.write
5091123 Untrusted web content can display content using "chrome" flag in window
5091146 Certificate name matching for non-FQDNs is insecure
5108583 Responses from a malicious POP3 mail server can trigger heap overruns
5108586 browser accepts dragged javascript: links (same-origin security hole)
5108587 BMP integer overflow exploits
5108590 Text fields give scripts access to the user's clipboard
5108591 heap overflows triggered by "send page"
5108588 stack based buffer overflow with vcards when previewing email message
 
(from 117765-01)
5040005 Mozilla crashes when an IFrame is included in DIV with display:none Moz
5053849 default application not in the "Save as" dialog when open attachment


Patch Installation Instructions:
-------------------------------- 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions on
using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
	example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
	example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
----------------------------- 
 
None.


README -- Last modified date: Saturday, November 10, 2012