Patch-ID# 120672-03

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: security mozilla web download automatic proxy
Synopsis: Mozilla 1.7_x86 for Solaris 8 and 9
Date: Feb/05/2007

Install Requirements: NA

Solaris Release: 8_x86 9_x86

SunOS Release: 5.8_x86 5.9_x86

Unbundled Product: Mozilla

Unbundled Release: 1.7_x86

Xref: This patch available for SPARC as 120671

Topic:

Relevant Architectures: i386

BugId's fixed with this patch: 6352958 6412730 6415123 6415128 6415131 6415133
6415135 6415138 6415142 6415143 6424493 6424545 6424548 6424551 6424560 6424563
6424567 6424568 6424573 6424574 6424577 6424579 6447020 6447021 6458750 6458753
6458754 6461074

Changes incorporated in this version: 6415123 6447020 6447021 6458750 6458753
6458754

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/sfw/lib/mozilla/chrome/comm.jar
/usr/sfw/lib/mozilla/components/libaddrbook.so
/usr/sfw/lib/mozilla/components/libappcomps.so
/usr/sfw/lib/mozilla/components/libcaps.so
/usr/sfw/lib/mozilla/components/libcomposer.so
/usr/sfw/lib/mozilla/components/libgklayout.so
/usr/sfw/lib/mozilla/components/libhtmlpars.so
/usr/sfw/lib/mozilla/components/libpipboot.so
/usr/sfw/lib/mozilla/components/libpipnss.so
/usr/sfw/lib/mozilla/components/libxpconnect.so
/usr/sfw/lib/mozilla/greprefs/all.js
/usr/sfw/lib/mozilla/libmozjs.so

Problem Description:

6415123 [MFSA 2006-24] Mozilla crypto.generateCRMFRequest() vulnerability
6447020 [MFSA 2006-43] Mozilla privilege escalation using addSelectionListener
6447021 [MFSA 2006-38] Mozilla contains a buffer overflow vulnerability in crypto.signText()
6458750 [MFSA 2006-49] Mozilla products VCard attachment buffer overflow
6458753 [MFSA 2006-50] Mozilla JavaScript engine contains multiple integer overflows
6458754 [MFSA 2006-51] Mozilla products fail to properly validate JavaScript constructors

(from 120672-02)

6461074 [s10u3] mozilla cores on browsing to http://www.yahoo.com
6412730 Mozilla: Localstore.rdf XML injection through XULDocument.persist()
6415128 [MFSA 2006-22] Mozilla CSS Letter-Spacing vulnerability
6415131 [MFSA 2006-16] Mozilla XBL binding vulnerability
6415133 [MFSA 2006-15] Mozilla JavaScript cloned parent vulnerability
6415135 [MFSA 2006-14] Mozilla privilege escalation vulnerability via XBL.method.eval
6415138 [MFSA 2006-18] Mozilla tag order memory corruption vulnerability
6415142 [MFSA 2006-11] Mozilla CSS, regex,... memory corruption vulnerabilities
6415143 [MFSA 2006-20] Mozilla DHTML memory corruption vulnerabilities
6424493 [MFSA 2006-27] Table rebuilding code execution vulnerability
6424545 [MFSA 2006-25] Privilege escalation through Print Preview
6424548 [MFSA 2006-23] File stealing by changing input type
6424551 [MFSA 2006-21] JavaScript execution in mail when forwarding in-line
6424560 [MFSA 2006-19] Cross-site scripting using .valueOf.call()
6424563 [MFSA 2006-17] cross-site scripting through window.controllers
6424567 [MFSA 2006-13] Downloading executables with "Save Image As..."
6424568 [MFSA 2006-12] Secure-site spoof (requires security warning dialog)
6424573 [MFSA 2006-10] JavaScript garbage-collection hazard audit
6424574 [MFSA 2006-09] Cross-site JavaScript injection using event handlers
6424577 [MFSA 2006-03] Long document title causes startup denial of service
6424579 [MFSA 2006-01] JavaScript garbage-collection hazards

(from 120672-01)

6352958 Mozilla 1.7 patch 119115-13 breaks "Automatic proxy configuration file"

Patch Installation Instructions:
--------------------------------

For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:

        example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

        example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

Log out and log back in to JDS after applying the patch.

README -- Last modified date: Monday, February 5, 2007