Patch-ID# 117767-02
Keywords: security mozilla crashes iframe default application not in the "save as"
Synopsis: Mozilla 1.4: Base Libraries patch for Solaris 9
Date: Dec/21/2004

Install Requirements: None

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product: Mozilla

Unbundled Release: 1.4

Xref: This patch available for x86 as 117768

Topic:

Relevant Architectures: sparc

BugId's fixed with this patch: 5040005 5053849 5090528 5090529 5090530 5090583 5091014 5091109 5091115 5091116 5091120 5091123 5091146 5108583 5108586 5108587 5108588 5108590 5108591

Changes incorporated in this version: 5091146 5090528 5090529 5090530 5090583 5091014 5091109 5091115 5091116 5091120 5091123 5108583 5108588 5108586 5108587 5108590 5108591

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/sfw/lib/mozilla/chrome/toolkit.jar
/usr/sfw/lib/mozilla/components/browser.xpt
/usr/sfw/lib/mozilla/components/libaccessibility.so
/usr/sfw/lib/mozilla/components/libcaps.so
/usr/sfw/lib/mozilla/components/libchrome.so
/usr/sfw/lib/mozilla/components/libcomposer.so
/usr/sfw/lib/mozilla/components/libdocshell.so
/usr/sfw/lib/mozilla/components/libeditor.so
/usr/sfw/lib/mozilla/components/libembedcomponents.so
/usr/sfw/lib/mozilla/components/libgfxps.so
/usr/sfw/lib/mozilla/components/libgklayout.so
/usr/sfw/lib/mozilla/components/libgkplugin.so
/usr/sfw/lib/mozilla/components/libimglib2.so
/usr/sfw/lib/mozilla/components/libimpComm4xMail.so
/usr/sfw/lib/mozilla/components/libinspector.so
/usr/sfw/lib/mozilla/components/libjsdom.so
/usr/sfw/lib/mozilla/components/liblocalmail.so
/usr/sfw/lib/mozilla/components/libmsgcompose.so
/usr/sfw/lib/mozilla/components/libnecko.so
/usr/sfw/lib/mozilla/components/libnsappshell.so
/usr/sfw/lib/mozilla/components/libpipboot.so
/usr/sfw/lib/mozilla/components/libpipnss.so
/usr/sfw/lib/mozilla/components/libpref.so
/usr/sfw/lib/mozilla/components/libtransformiix.so
/usr/sfw/lib/mozilla/components/libtypeaheadfind.so
/usr/sfw/lib/mozilla/components/libvcard.so
/usr/sfw/lib/mozilla/components/libwallet.so
/usr/sfw/lib/mozilla/components/libwidget_gtk2.so
/usr/sfw/lib/mozilla/components/libxmlextras.so
/usr/sfw/lib/mozilla/components/libxpconnect.so
/usr/sfw/lib/mozilla/components/libxpinstall.so
/usr/sfw/lib/mozilla/defaults/pref/all.js
/usr/sfw/lib/mozilla/libmsgbaseutil.so
/usr/sfw/lib/mozilla/libnspr4.so
/usr/sfw/lib/mozilla/libnss3.so
/usr/sfw/lib/mozilla/libplc4.so
/usr/sfw/lib/mozilla/libplds4.so
/usr/sfw/lib/mozilla/libsmime3.so
/usr/sfw/lib/mozilla/libssl3.so
/usr/sfw/lib/mozilla/libxpcom.so
/usr/sfw/lib/mozilla/mozilla-bin
/usr/sfw/lib/mozilla/xpicleanup
/usr/sfw/lib/mozilla/chrome/comm.jar

Problem Description:

5091146 Certificate name matching for non-FQDNs is insecure
5090528 Netscape SOAPParameter Constructor Integer Overflow Vulnerability
5090529 new libpng buffer overflow vulnerabilities
5090530 a flaw in the POP3 capability
5090583 Importing false CA certificate leading to error -8182 (perm DoS)
5091014 null () in filename fakes extension (ftp)
5091109 can spoof framed sites by changing frame contents
5091115 SSL Certificate Spoof -- Allows malicious page to present SSL certificate
5091116 pop up XPInstall/security dialog when user is about to click
5091120 lock icon and certificates spoofable with onunload document.write
5091123 Untrusted web content can display content using "chrome" flag in window
5108583 Responses from a malicious POP3 mail server can trigger heap overruns
5108588 stack based buffer overflow with vcards when previewing email message
5108586 browser accepts dragged javascript: links (same-origin security hole)
5108587 BMP integer overflow exploits
5108590 Text fields give scripts access to the user's clipboard
5108591 heap overflows triggered by "send page"

(from 117767-01)

5040005 Mozilla crashes when an IFrame is included in DIV with display:none Moz
5053849 default application not in the "Save as" dialog when open attachment

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.

The following example installs a patch to a standalone machine:

       example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

       example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

None.

README -- Last modified date: Wednesday, December 22, 2004