Patch-ID# 117766-04
Keywords: security mozilla crash iframe default application not in the "save as"
Synopsis: Mozilla 1.4_x86: Base Libraries patch
Date: Jan/31/2005

Install Requirements: NA

Solaris Release: 8_x86

SunOS Release: 5.8_x86

Unbundled Product: Mozilla

Unbundled Release: 1.4_x86

Xref: This patch available for SPARC as 117765

Topic:

Relevant Architectures: i386

BugId's fixed with this patch: 5040005 5053849 5090528 5090529 5090530 5090583 5091014 5091109 5091115 5091116 5091120 5091123 5091146 5108583 5108586 5108587 5108588 5108590 5108591 6177442 6189155 6212354

Changes incorporated in this version: 6212354

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/sfw/lib/mozilla/chrome/comm.jar
/usr/sfw/lib/mozilla/chrome/toolkit.jar
/usr/sfw/lib/mozilla/components/browser.xpt
/usr/sfw/lib/mozilla/components/libaccessibility.so
/usr/sfw/lib/mozilla/components/libcaps.so
/usr/sfw/lib/mozilla/components/libchrome.so
/usr/sfw/lib/mozilla/components/libcomposer.so
/usr/sfw/lib/mozilla/components/libdocshell.so
/usr/sfw/lib/mozilla/components/libeditor.so
/usr/sfw/lib/mozilla/components/libembedcomponents.so
/usr/sfw/lib/mozilla/components/libgfxps.so
/usr/sfw/lib/mozilla/components/libgklayout.so
/usr/sfw/lib/mozilla/components/libgkplugin.so
/usr/sfw/lib/mozilla/components/libimglib2.so
/usr/sfw/lib/mozilla/components/libimpComm4xMail.so
/usr/sfw/lib/mozilla/components/libinspector.so
/usr/sfw/lib/mozilla/components/libjsdom.so
/usr/sfw/lib/mozilla/components/liblocalmail.so
/usr/sfw/lib/mozilla/components/libmsgcompose.so
/usr/sfw/lib/mozilla/components/libnecko.so
/usr/sfw/lib/mozilla/components/libnsappshell.so
/usr/sfw/lib/mozilla/components/libpipboot.so
/usr/sfw/lib/mozilla/components/libpipnss.so
/usr/sfw/lib/mozilla/components/libpref.so
/usr/sfw/lib/mozilla/components/libtransformiix.so
/usr/sfw/lib/mozilla/components/libtypeaheadfind.so
/usr/sfw/lib/mozilla/components/libvcard.so
/usr/sfw/lib/mozilla/components/libwallet.so
/usr/sfw/lib/mozilla/components/libwidget_gtk2.so
/usr/sfw/lib/mozilla/components/libxmlextras.so
/usr/sfw/lib/mozilla/components/libxpconnect.so
/usr/sfw/lib/mozilla/components/libxpinstall.so
/usr/sfw/lib/mozilla/defaults/pref/all.js
/usr/sfw/lib/mozilla/libmsgbaseutil.so
/usr/sfw/lib/mozilla/libnspr4.so
/usr/sfw/lib/mozilla/libnss3.so
/usr/sfw/lib/mozilla/libplc4.so
/usr/sfw/lib/mozilla/libplds4.so
/usr/sfw/lib/mozilla/libsmime3.so
/usr/sfw/lib/mozilla/libssl3.so
/usr/sfw/lib/mozilla/libxpcom.so
/usr/sfw/lib/mozilla/mozilla-bin
/usr/sfw/lib/mozilla/xpicleanup
/usr/sfw/lib/mozilla/libjsj.so

Problem Description:

6212354 Mozilla 1.4 sometimes does not display pulldown menus after installing patch 117767-03

(from 117766-03)

6177442 Mozilla 1.4 grows very large with javascript and java applet that rewrites page
6189155 javascript to java string uses up java_vm memory (eventually OutOfMemoryError)

(from 117766-02)

5090528 Netscape SOAPParameter Constructor Integer Overflow Vulnerability
5090529 new libpng buffer overflow vulnerabilities
5090530 a flaw in the POP3 capability
5090583 Importing false CA certificate leading to error -8182 (perm DoS)
5091014 null () in filename fakes extension (ftp)
5091109 can spoof framed sites by changing frame contents
5091115 SSL Certificate Spoof -- Allows malicious page to present SSL certificate
5091116 pop up XPInstall/security dialog when user is about to click
5091120 lock icon and certificates spoofable with onunload document.write
5091123 Untrusted web content can display content using "chrome" flag in window
5091146 Certificate name matching for non-FQDNs is insecure
5108583 Responses from a malicious POP3 mail server can trigger heap overruns
5108586 browser accepts dragged javascript: links (same-origin security hole)
5108587 BMP integer overflow exploits
5108590 Text fields give scripts access to the user's clipboard
5108591 heap overflows triggered by "send page"
5108588 stack based buffer overflow with vcards when previewing email message

(from 117766-01)

5040005 Mozilla crashes when an IFrame is included in DIV with display:none Moz
5053849 default application not in the "Save as" dialog when open attachment

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7 release, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:

       example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

       example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

None.

README -- Last modified date: Monday, January 31, 2005