Patch-ID# 120672-08
Download this patch from My Oracle Support
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
For further information on patching best practices and resources, please
see the following links:
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security mozilla web download automatic proxy
Synopsis: Mozilla 1.7_x86 for Solaris 8 and 9
Date: Sep/02/2008
Install Requirements: NA
Solaris Release: 8_x86 9_x86
SunOS Release: 5.8_x86 5.9_x86
Unbundled Product: Mozilla
Unbundled Release: 1.7_x86
Xref: This patch available for SPARC as 120671
Topic:
Relevant Architectures: i386
Bugs fixed with this patch:
Changes incorporated in this version: 6564240 6501194
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by:
Files included with this patch:
<install_dir>/sfw/lib/mozilla/chrome/comm.jar
<install_dir>/sfw/lib/mozilla/components/libaddrbook.so
<install_dir>/sfw/lib/mozilla/components/libappcomps.so
<install_dir>/sfw/lib/mozilla/components/libcaps.so
<install_dir>/sfw/lib/mozilla/components/libcomposer.so
<install_dir>/sfw/lib/mozilla/components/libdocshell.so
<install_dir>/sfw/lib/mozilla/components/libgklayout.so
<install_dir>/sfw/lib/mozilla/components/libgkplugin.so
<install_dir>/sfw/lib/mozilla/components/libhtmlpars.so
<install_dir>/sfw/lib/mozilla/components/libi18n.so
<install_dir>/sfw/lib/mozilla/components/libmime.so
<install_dir>/sfw/lib/mozilla/components/libmimeemitter.so
<install_dir>/sfw/lib/mozilla/components/libnecko.so
<install_dir>/sfw/lib/mozilla/components/libpipboot.so
<install_dir>/sfw/lib/mozilla/components/libpipnss.so
<install_dir>/sfw/lib/mozilla/components/librdf.so
<install_dir>/sfw/lib/mozilla/components/libtransformiix.so
<install_dir>/sfw/lib/mozilla/components/libtypeaheadfind.so
<install_dir>/sfw/lib/mozilla/components/libuconv.so
<install_dir>/sfw/lib/mozilla/components/libwallet.so
<install_dir>/sfw/lib/mozilla/components/libwebbrwsr.so
<install_dir>/sfw/lib/mozilla/components/libwidget_gtk2.so
<install_dir>/sfw/lib/mozilla/components/libxpconnect.so
<install_dir>/sfw/lib/mozilla/components/libxpinstall.so
<install_dir>/sfw/lib/mozilla/greprefs/all.js
<install_dir>/sfw/lib/mozilla/libgkgfx.so
<install_dir>/sfw/lib/mozilla/libmozjs.so
<install_dir>/sfw/lib/mozilla/libmsgbaseutil.so
<install_dir>/sfw/lib/mozilla/libnspr4.so
<install_dir>/sfw/lib/mozilla/libnss3.so
<install_dir>/sfw/lib/mozilla/libsmime3.so
<install_dir>/sfw/lib/mozilla/libsoftokn3.so
<install_dir>/sfw/lib/mozilla/libxpcom.so
Problem Description:
6564240 [MFSA 2007-12] VU#609956 [CVE-2007-2868] JavaScript engine memory corruption
6501194 [MFSA#2006-65] [CVE-2006-5748] potential memory corruption in the JavaScript engine
(from 120672-07)
6499437 [MFSA#2006-67] Running Script can be recompiled
(from 120672-06)
6447023 [MFSA 2006-32] Mozilla contains multiple memory corruption vulnerabilities
6458755 [MFSA 2006-55] Mozilla contains multiple memory corruption vulnerabilities
6508397 [MFSA 2006-68] VU#447772 [CVE-2006-6498] JavaScript engine vulnerability
(from 120672-05)
6458752 [MFSA 2006-50] Mozilla fails to properly handle garbage collection
6508395 [MFSA 2006-68] VU#606260 [CVE-2006-6497] layout engine vulnerability
6508398 [MFSA 2006-68] VU#606260 [CVE-2006-6499] js_dtoa vulnerability
6508400 [MFSA 2006-74] VU#887332 [CVE-2006-6505] mail header buffer overflows
(from 120672-04)
6488248 [MFSA 2006-60] Mozilla(NSS) RSA signature forgery issue
6499438 [MFSA#2006-66] RSA Signature Forgery (variant)
6447022 [MSFA 2006-37] Mozilla may process content-defined setters on object prototypes with elevated privileges
(from 120672-03)
6415123 [MFSA 2006-24] Mozilla crypto.generateCRMFRequest() vulnerability
6447020 [MFSA 2006-43] Mozilla privilege escalation using addSelectionListener
6447021 [MFSA 2006-38] Mozilla contains a buffer overflow vulnerability in crypto.signText()
6458750 [MFSA 2006-49] Mozilla products VCard attachment buffer overflow
6458753 [MFSA 2006-50] Mozilla JavaScript engine contains multiple integer overflows
6458754 [MFSA 2006-51] Mozilla products fail to properly validate JavaScript constructors
(from 120672-02)
6412730 Mozilla: Localstore.rdf XML injection through XULDocument.persist()
6415128 [MFSA 2006-22] Mozilla CSS Letter-Spacing vulnerability
6415131 [MFSA 2006-16] Mozilla XBL binding vulnerability
6415133 [MFSA 2006-15] Mozilla JavaScript cloned parent vulnerability
6415135 [MFSA 2006-14] Mozilla privilege escalation vulnerability via XBL.method.eval
6415138 [MFSA 2006-18] Mozilla tag order memory corruption vulnerability
6415142 [MFSA 2006-11] Mozilla CSS, regex,... memory corruption vulnerabilities
6415143 [MFSA 2006-20] Mozilla DHTML memory corruption vulnerabilities
6424493 [MFSA 2006-27] table rebuilding code execution vulnerability
6424545 [MFSA 2006-25] privilege escalation through Print Preview
6424548 [MFSA 2006-23] file stealing by changing input type
6424551 [MFSA 2006-21] JavaScript execution in mail when forwarding in-line
6424560 [MFSA 2006-19] cross-site scripting using .valueOf.call()
6424563 [MFSA 2006-17] cross-site scripting through window.controllers
6424567 [MFSA 2006-13] downloading executables with "Save Image As..."
6424568 [MFSA 2006-12] secure-site spoof (requires security warning dialog)
6424573 [MFSA 2006-10] JavaScript garbage-collection hazard audit
6424574 [MFSA 2006-09] cross-site JavaScript injection using event handlers
6424577 [MFSA 2006-03] long document title causes startup denial of service
6424579 [MFSA 2006-01] JavaScript garbage-collection hazards
6461074 [S10U3] Mozilla cores on browsing to http://www.yahoo.com
(from 120672-01)
6352958 Mozilla 1.7 patch 119115-13 breaks "Automatic proxy configuration file"
Patch Installation Instructions:
--------------------------------
For Solaris 7-10 releases, refer to the man pages for instructions on
using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:
example# patchadd /var/spool/patch/104945-02
The following example removes a patch from a standalone system:
example# patchrm 104945-02
For additional examples please see the appropriate man pages.
Special Install Instructions:
-----------------------------
Logout and login back to JDS after applying the patch.
README -- Last modified date: Saturday, November 10, 2012