Patch-ID# 120671-08


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security mozilla web download automatic proxy
Synopsis: Mozilla 1.7 for Solaris 8 and 9
Date: Aug/29/2008


Install Requirements: NA

Solaris Release: 8 9

SunOS Release: 5.8 5.9

Unbundled Product: Mozilla

Unbundled Release: 1.7

Xref: This patch available for x86 as 120672

Topic:

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
635295815298839
641273015325057
641512315325986
641512815325987
641513115325988
641513315325991
641513515325992
641513815325994
641514215325995
641514315325996
642449315329882
642454515329898
642454815329901
642455115329905
642456015329912
642456315329914
642456715329918
642456815329919
642457315329921
642457415329922
642457715329923
642457915329925
644702015339265
644702115339266
644702215339267
644702315339268
645875015344996
645875215344997
645875315344998
645875415344999
645875515345000
646107415346117
648824815358698
649943715364261
649943815364262
650119415365275
650839515369086
650839715369087
650839815369088
650840015369090
656424015400879


Changes incorporated in this version: 6564240 6501194

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

<install_dir>/sfw/lib/mozilla/chrome/comm.jar
<install_dir>/sfw/lib/mozilla/components/libaddrbook.so
<install_dir>/sfw/lib/mozilla/components/libappcomps.so
<install_dir>/sfw/lib/mozilla/components/libcaps.so
<install_dir>/sfw/lib/mozilla/components/libcomposer.so
<install_dir>/sfw/lib/mozilla/components/libdocshell.so
<install_dir>/sfw/lib/mozilla/components/libgklayout.so
<install_dir>/sfw/lib/mozilla/components/libgkplugin.so
<install_dir>/sfw/lib/mozilla/components/libhtmlpars.so
<install_dir>/sfw/lib/mozilla/components/libi18n.so
<install_dir>/sfw/lib/mozilla/components/libmime.so
<install_dir>/sfw/lib/mozilla/components/libmimeemitter.so
<install_dir>/sfw/lib/mozilla/components/libnecko.so
<install_dir>/sfw/lib/mozilla/components/libpipboot.so
<install_dir>/sfw/lib/mozilla/components/libpipnss.so
<install_dir>/sfw/lib/mozilla/components/librdf.so
<install_dir>/sfw/lib/mozilla/components/libtransformiix.so
<install_dir>/sfw/lib/mozilla/components/libtypeaheadfind.so
<install_dir>/sfw/lib/mozilla/components/libuconv.so
<install_dir>/sfw/lib/mozilla/components/libwallet.so
<install_dir>/sfw/lib/mozilla/components/libwebbrwsr.so
<install_dir>/sfw/lib/mozilla/components/libwidget_gtk2.so
<install_dir>/sfw/lib/mozilla/components/libxpconnect.so
<install_dir>/sfw/lib/mozilla/components/libxpinstall.so
<install_dir>/sfw/lib/mozilla/greprefs/all.js
<install_dir>/sfw/lib/mozilla/libgkgfx.so
<install_dir>/sfw/lib/mozilla/libmozjs.so
<install_dir>/sfw/lib/mozilla/libmsgbaseutil.so
<install_dir>/sfw/lib/mozilla/libnspr4.so
<install_dir>/sfw/lib/mozilla/libnss3.so
<install_dir>/sfw/lib/mozilla/libsmime3.so
<install_dir>/sfw/lib/mozilla/libsoftokn3.so
<install_dir>/sfw/lib/mozilla/libxpcom.so

Problem Description:

6564240 [MFSA 2007-12] VU#609956 [CVE-2007-2868] JavaScript engine memory corruption
6501194 [MFSA#2006-65] [CVE-2006-5748] potential memory corruption in the JavaScript engine
 
(from 120671-07)
 
6499437 [MFSA#2006-67] Running Script can be recompiled
 
(from 120671-06)
 
6508397 [MFSA 2006-68] VU#447772 [CVE-2006-6498] JavaScript engine vulnerability
6458755 [MFSA 2006-55] Mozilla contains multiple memory corruption vulnerabilities
6447023 [MFSA 2006-32] Mozilla contains multiple memory corruption vulnerabilities
 
(from 120671-05)
 
6508400 [MFSA 2006-74] VU#887332 [CVE-2006-6505] (mail header buffer overflows)
6508398 [MFSA 2006-68] VU#606260 [CVE-2006-6499] js_dtoa vulnerability
6508395 [MFSA 2006-68] VU#606260 [CVE-2006-6497] Layout engine vulnerability
6458752 [MFSA 2006-50] Mozilla fails to properly handle garbage collection
 
(from 120671-04)
 
6499438 [MFSA#2006-66] RSA Signature Forgery (variant)
6488248 [MFSA 2006-60] Mozilla(NSS) RSA signature forgery issue
6447022 [MSFA 2006-37] Mozilla may process content-defined setters on object prototypes with elevated priv
 
(from 120671-03)
 
6458754 [MFSA 2006-51] Mozilla products fail to properly validate JavaScript constructors
6458753 [MFSA 2006-50] Mozilla JavaScript engine contains multiple integer overflows
6458750 [MFSA 2006-49] Mozilla products VCard attachment buffer overflow
6447020 [MFSA 2006-43] Mozilla privilege escalation using addSelectionListener
6447021 [MFSA 2006-38] Mozilla contains a buffer overflow vulnerability in crypto.signText()
6415123 [MFSA 2006-24] Mozilla crypto.generateCRMFRequest() vulnerability
 
(from 120671-02)
 
6461074 [s10u3] mozilla cores on browsing to http://www.yahoo.com
6412730 Mozilla: Localstore.rdf XML injection through XULDocument.persist()
6424493 [MFSA 2006-27] Table rebuilding code execution vulnerability
6424545 [MFSA 2006-25] Privilege escalation through Print Preview
6424548 [MFSA 2006-23] File stealing by changing input type
6415128 [MFSA 2006-22] Mozilla CSS Letter-Spacing vulnerability
6424551 [MFSA 2006-21] JavaScript execution in mail when forwarding in-line
6415143 [MFSA 2006-20] Mozilla DHTML memory corruption vulnerabilities
6424560 [MFSA 2006-19] Cross-site scripting using .valueOf.call()
6415138 [MFSA 2006-18] Mozilla tag order memory corruption vulnerability
6424563 [MFSA 2006-17] cross-site scripting through window.controllers
6415131 [MFSA 2006-16] Mozilla XBL binding vulnerability
6415133 [MFSA 2006-15] Mozilla JavaScript cloned parent vulnerability
6415135 [MFSA 2006-14] Mozilla privilege escalation vulnerability via XBL.method.eval
6424567 [MFSA 2006-13] Downloading executables with "Save Image As..."
6424568 [MFSA 2006-12] Secure-site spoof (requires security warning dialog
6415142 [MFSA 2006-11] Mozilla CSS, regex,... memory corruption vulnerabilities
6424573 [MFSA 2006-10] JavaScript garbage-collection hazard audit
6424574 [MFSA 2006-09] Cross-site JavaScript injection using event handlers
6424577 [MFSA 2006-03] Long document title causes startup denial of service
6424579 [MFSA 2006-01] JavaScript garbage-collection hazards
 
(from 120671-01)
 
6352958 Mozilla 1.7 patch 119115-13 breaks "Automatic proxy configuration file"


Patch Installation Instructions:
-------------------------------- 
For Solaris 7-10 releases, refer to the man pages for instructions on
using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
	example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
	example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
----------------------------- 
Logout and login back to JDS after applying the patch.


README -- Last modified date: Saturday, November 10, 2012