Patch-ID# 120672-08


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security mozilla web download automatic proxy
Synopsis: Mozilla 1.7_x86 for Solaris 8 and 9
Date: Sep/02/2008


Install Requirements: NA

Solaris Release: 8_x86 9_x86

SunOS Release: 5.8_x86 5.9_x86

Unbundled Product: Mozilla

Unbundled Release: 1.7_x86

Xref: This patch available for SPARC as 120671

Topic:

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR # Bug #
635295815298839
641273015325057
641512315325986
641512815325987
641513115325988
641513315325991
641513515325992
641513815325994
641514215325995
641514315325996
642449315329882
642454515329898
642454815329901
642455115329905
642456015329912
642456315329914
642456715329918
642456815329919
642457315329921
642457415329922
642457715329923
642457915329925
644702015339265
644702115339266
644702215339267
644702315339268
645875015344996
645875215344997
645875315344998
645875415344999
645875515345000
646107415346117
648824815358698
649943715364261
649943815364262
650119415365275
650839515369086
650839715369087
650839815369088
650840015369090
656424015400879


Changes incorporated in this version: 6564240 6501194

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

<install_dir>/sfw/lib/mozilla/chrome/comm.jar
<install_dir>/sfw/lib/mozilla/components/libaddrbook.so
<install_dir>/sfw/lib/mozilla/components/libappcomps.so
<install_dir>/sfw/lib/mozilla/components/libcaps.so
<install_dir>/sfw/lib/mozilla/components/libcomposer.so
<install_dir>/sfw/lib/mozilla/components/libdocshell.so
<install_dir>/sfw/lib/mozilla/components/libgklayout.so
<install_dir>/sfw/lib/mozilla/components/libgkplugin.so
<install_dir>/sfw/lib/mozilla/components/libhtmlpars.so
<install_dir>/sfw/lib/mozilla/components/libi18n.so
<install_dir>/sfw/lib/mozilla/components/libmime.so
<install_dir>/sfw/lib/mozilla/components/libmimeemitter.so
<install_dir>/sfw/lib/mozilla/components/libnecko.so
<install_dir>/sfw/lib/mozilla/components/libpipboot.so
<install_dir>/sfw/lib/mozilla/components/libpipnss.so
<install_dir>/sfw/lib/mozilla/components/librdf.so
<install_dir>/sfw/lib/mozilla/components/libtransformiix.so
<install_dir>/sfw/lib/mozilla/components/libtypeaheadfind.so
<install_dir>/sfw/lib/mozilla/components/libuconv.so
<install_dir>/sfw/lib/mozilla/components/libwallet.so
<install_dir>/sfw/lib/mozilla/components/libwebbrwsr.so
<install_dir>/sfw/lib/mozilla/components/libwidget_gtk2.so
<install_dir>/sfw/lib/mozilla/components/libxpconnect.so
<install_dir>/sfw/lib/mozilla/components/libxpinstall.so
<install_dir>/sfw/lib/mozilla/greprefs/all.js
<install_dir>/sfw/lib/mozilla/libgkgfx.so
<install_dir>/sfw/lib/mozilla/libmozjs.so
<install_dir>/sfw/lib/mozilla/libmsgbaseutil.so
<install_dir>/sfw/lib/mozilla/libnspr4.so
<install_dir>/sfw/lib/mozilla/libnss3.so
<install_dir>/sfw/lib/mozilla/libsmime3.so
<install_dir>/sfw/lib/mozilla/libsoftokn3.so
<install_dir>/sfw/lib/mozilla/libxpcom.so

Problem Description:

6564240 [MFSA 2007-12] VU#609956 [CVE-2007-2868] JavaScript engine memory corruption
6501194 [MFSA#2006-65] [CVE-2006-5748] potential memory corruption in the JavaScript engine
 
(from 120672-07)
 
6499437 [MFSA#2006-67] Running Script can be recompiled
 
(from 120672-06)
 
6447023 [MFSA 2006-32] Mozilla contains multiple memory corruption vulnerabilities
6458755 [MFSA 2006-55] Mozilla contains multiple memory corruption vulnerabilities
6508397 [MFSA 2006-68] VU#447772 [CVE-2006-6498] JavaScript engine vulnerability
 
(from 120672-05)
 
6458752 [MFSA 2006-50] Mozilla fails to properly handle garbage collection
6508395 [MFSA 2006-68] VU#606260 [CVE-2006-6497] layout engine vulnerability
6508398 [MFSA 2006-68] VU#606260 [CVE-2006-6499] js_dtoa vulnerability
6508400 [MFSA 2006-74] VU#887332 [CVE-2006-6505] mail header buffer overflows
 
(from 120672-04)
 
6488248 [MFSA 2006-60] Mozilla(NSS) RSA signature forgery issue
6499438 [MFSA#2006-66] RSA Signature Forgery (variant)
6447022 [MSFA 2006-37] Mozilla may process content-defined setters on object prototypes with elevated privileges
 
(from 120672-03)
 
6415123 [MFSA 2006-24] Mozilla crypto.generateCRMFRequest() vulnerability
6447020 [MFSA 2006-43] Mozilla privilege escalation using addSelectionListener
6447021 [MFSA 2006-38] Mozilla contains a buffer overflow vulnerability in crypto.signText()
6458750 [MFSA 2006-49] Mozilla products VCard attachment buffer overflow
6458753 [MFSA 2006-50] Mozilla JavaScript engine contains multiple integer overflows
6458754 [MFSA 2006-51] Mozilla products fail to properly validate JavaScript constructors
 
(from 120672-02)
 
6412730 Mozilla: Localstore.rdf XML injection through XULDocument.persist()
6415128 [MFSA 2006-22] Mozilla CSS Letter-Spacing vulnerability
6415131 [MFSA 2006-16] Mozilla XBL binding vulnerability
6415133 [MFSA 2006-15] Mozilla JavaScript cloned parent vulnerability
6415135 [MFSA 2006-14] Mozilla privilege escalation vulnerability via XBL.method.eval
6415138 [MFSA 2006-18] Mozilla tag order memory corruption vulnerability
6415142 [MFSA 2006-11] Mozilla CSS, regex,... memory corruption vulnerabilities
6415143 [MFSA 2006-20] Mozilla DHTML memory corruption vulnerabilities
6424493 [MFSA 2006-27] table rebuilding code execution vulnerability
6424545 [MFSA 2006-25] privilege escalation through Print Preview
6424548 [MFSA 2006-23] file stealing by changing input type
6424551 [MFSA 2006-21] JavaScript execution in mail when forwarding in-line
6424560 [MFSA 2006-19] cross-site scripting using .valueOf.call()
6424563 [MFSA 2006-17] cross-site scripting through window.controllers
6424567 [MFSA 2006-13] downloading executables with "Save Image As..."
6424568 [MFSA 2006-12] secure-site spoof (requires security warning dialog)
6424573 [MFSA 2006-10] JavaScript garbage-collection hazard audit
6424574 [MFSA 2006-09] cross-site JavaScript injection using event handlers
6424577 [MFSA 2006-03] long document title causes startup denial of service
6424579 [MFSA 2006-01] JavaScript garbage-collection hazards
6461074 [S10U3] Mozilla cores on browsing to http://www.yahoo.com
 
(from 120672-01)
 
6352958 Mozilla 1.7 patch 119115-13 breaks "Automatic proxy configuration file"


Patch Installation Instructions:
-------------------------------- 
For Solaris 7-10 releases, refer to the man pages for instructions on
using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
	example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
	example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
----------------------------- 
Logout and login back to JDS after applying the patch.


README -- Last modified date: Saturday, November 10, 2012