Patch-ID# 119115-08 Keywords: security mozilla jds memory crash roaming Synopsis: Mozilla 1.7 patch Date: Jul/19/2005 Install Requirements: NA Solaris Release: 10 SunOS Release: 5.10 Unbundled Product: Mozilla Unbundled Release: 1.7 Xref: This patch available for x86 as 119116 Topic: Relevant Architectures: sparc BugId's fixed with this patch: 5077554 6177442 6192644 6200990 6200994 6200999 6202289 6211632 6216830 6221725 6224482 6224900 6225441 6228782 6234566 6245856 6247811 6247837 6247838 6247849 6248466 6248468 6248516 6248547 6248548 6248557 6248594 6248613 6249776 6249777 6249778 6255667 6259266 6259860 6259866 6259873 6259902 6260571 6260573 6269887 Changes incorporated in this version: 6269887 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/sfw/lib/mozilla/chrome/en-US.jar /usr/sfw/lib/mozilla/chrome/sroaming.jar /usr/sfw/lib/mozilla/chrome/toolkit.jar /usr/sfw/lib/mozilla/components/caps.xpt /usr/sfw/lib/mozilla/components/content_base.xpt /usr/sfw/lib/mozilla/components/docshell.xpt /usr/sfw/lib/mozilla/components/libaccessibility.so /usr/sfw/lib/mozilla/components/libappcomps.so /usr/sfw/lib/mozilla/components/libcaps.so /usr/sfw/lib/mozilla/components/libcomposer.so /usr/sfw/lib/mozilla/components/libcookie.so /usr/sfw/lib/mozilla/components/libdocshell.so /usr/sfw/lib/mozilla/components/libeditor.so /usr/sfw/lib/mozilla/components/libembedcomponents.so /usr/sfw/lib/mozilla/components/libgfx_gtk.so /usr/sfw/lib/mozilla/components/libgklayout.so /usr/sfw/lib/mozilla/components/libgkplugin.so /usr/sfw/lib/mozilla/components/libimglib2.so /usr/sfw/lib/mozilla/components/libmailnews.so /usr/sfw/lib/mozilla/components/libmsgcompose.so /usr/sfw/lib/mozilla/components/libnecko.so /usr/sfw/lib/mozilla/components/libnecko2.so /usr/sfw/lib/mozilla/components/libnsappshell.so /usr/sfw/lib/mozilla/components/libpipboot.so /usr/sfw/lib/mozilla/components/libpref.so /usr/sfw/lib/mozilla/components/librdf.so /usr/sfw/lib/mozilla/components/libsroaming.so /usr/sfw/lib/mozilla/components/libtransformiix.so /usr/sfw/lib/mozilla/components/libtypeaheadfind.so /usr/sfw/lib/mozilla/components/libwebbrwsr.so /usr/sfw/lib/mozilla/components/libwebsrvcs.so /usr/sfw/lib/mozilla/components/libwidget_gtk2.so /usr/sfw/lib/mozilla/components/libxpconnect.so /usr/sfw/lib/mozilla/components/libxpinstall.so /usr/sfw/lib/mozilla/components/nsHelperAppDlg.js /usr/sfw/lib/mozilla/components/search.xpt /usr/sfw/lib/mozilla/greprefs/all.js /usr/sfw/lib/mozilla/libmozjs.so /usr/sfw/lib/mozilla/libxpcom.so /usr/sfw/lib/mozilla/mozilla-bin /usr/sfw/lib/mozilla/regxpcom /usr/sfw/lib/mozilla/run-mozilla.sh /usr/sfw/lib/mozilla/chrome/comm.jar Problem Description: 6269887:[MFSA 2005-42] Code execution via javascript: IconURL (from 119115-07) 6248548 [community security] MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing 6249776 [MFSA 2005-32] Drag and drop gestures can be hijacked to load privileged xul 6259266 [MFSA 2005-41] Privileged escalation via DOM property overrides 6259860 [MFSA 2005-37] Code execution through javascript: favicons 6259866 [MFSA 2005-36] Cross-site Scripting through global scope pollution 6259873 [MFSA 2005-33] Javascript "lambda" replace exposes memory contents 6259902 [MFSA 2005-40] Missing Install object instance checks 6260571 [MFSA 2005-35] Showing blocked javascript: popup uses wrong privileged context 6260573 [MFSA 2005-38] Search plugin cross-site scripting (from 119115-06) 6255667 Triple click required for drop down menu. This happens in application Apollo. (from 119115-05) 6247811 [community security] MFSA 2005-27 Plugins can be used to load privileged content 6247837 [community security] MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab 6247838 [community security] MFSA 2005-24 HTTP auth prompt tab spoofing 6247849 [community security] MFSA 2005-30 GIF heap overflow parsing Netscape extension 6248466 [community security] MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion 6248468 [community security] MFSA 2005-18 Memory overwrite in string library 6248516 [community security] MFSA 2005-13 Window Injection Spoofing 6248547 [community security] MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts 6248557 [community security] MFSA 2005-14 SSL "secure site" indicator spoofing 6248594 [community security] MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files 6248613 [MFSA2005-22] "Save Link As" Download Dialog spoofing Vulnerability. 6249777 [MFSA 2005-23] Download dialog source spoofing 6249778 [MFSA 2005-17] Install source spoofing with user:pass@host (from 119115-04) 6245856 Mozilla just drops core on startup (from 119115-03) 6221725 [keyboard] Ctrl+Shift+Home/End doesn't work while caret browsing 6211632 [keyboard] Pressing Ctrl+Backspace twice in an RTL textarea crashes the browser 6192644 [keyboard] Ctrl+Home can't work in www.yahoo.com and www.mozilla.org. 6200999 "user preference" roaming item does not take effect 6200994 Need restart Mozilla to make the "Window settings" roaming item take effect 5077554 Roaming "File/Copy" will destroy user's profile 6200990 Need restart Mozilla to make the "cookie permission" roaming item take effect 6202289 Need restart Mozilla to make "cookies" roaming item take effect 6224482 in file/copy mode, when conflict happens, no server/client time and size info in conflict UI 6225441 warning dialog should NOT pop up when starts up the Mozilla Roaming profile 6228782 Cannot print content of text fields 6216830 Mozilla URL bar failing to emit selection change events (at least, Gnopernicus isn't speaking them) 6224900 partial commit erase remaining preedit strings in Mozilla on Solaris 10 6234566 Mozilla still sets LD_LIBRARY_PATH (from 119115-02) 6221725 [keyboard] Ctrl+Shift+Home/End doesn't work while caret browsing 6211632 [keyboard] Pressing Ctrl+Backspace twice in an RTL textarea crashes browser 6192644 [keyboard] Ctrl+Home can't work in www.yahoo.com and www.mozilla.org. 6200999 "user preference" roaming item does not take effect 6200994 Need restart Mozilla to make the "Window settings" roaming item take effect 5077554 Roaming "File/Copy" will destroy user's profile 6200990 Need restart Mozilla to make the "cookie permission" roaming item take effect 6202289 Need restart Mozilla to make "cookies" roaming item take effect 6224482 in file/copy mode, when conflict happens, no server/client time and size info in conflict UI6225441 The warning dialog should NOT pop up when starts up the Mozilla Roaming profile (from 119115-01) 6177442 Mozilla 1.4 grows very large with javascript and java applet that rewrites page Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-10 release, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- To see Internationalized Domain Names (IDN) in your native language, type about:config in the locations field, scroll down to network.IDN_show_punycode and set the default value from true to false. README -- Last modified date: Tuesday, July 19, 2005