FreeBSD : mozilla -- multiple vulnerabilities (3b18e237-2f15-11de-9672-0030843d3802)

medium Nessus Plugin ID 36212

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Mozilla Foundation reports :

MFSA 2009-22: Firefox allows Refresh header to redirect to javascript:
URIs

MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame

MFSA 2009-20: Malicious search plugins can inject code into arbitrary sites

MFSA 2009-19: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

MFSA 2009-18: XSS hazard using third-party stylesheets and XBL bindings

MFSA 2009-17: Same-origin violations when Adobe Flash loaded via view-source: scheme

MFSA 2009-16: jar: scheme ignores the content-disposition: header on the inner URI

MFSA 2009-15: URL spoofing with box drawing character

MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2009-21/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-20/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-19/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-18/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-17/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-16/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-15/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-14/

http://www.nessus.org/u?5f1d1c96

https://www.mozilla.org/en-US/security/advisories/mfsa2009-22/

Plugin Details

Severity: Medium

ID: 36212

File Name: freebsd_pkg_3b18e2372f1511de96720030843d3802.nasl

Version: 1.28

Type: local

Published: 4/22/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-firefox-devel, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-seamonkey-devel, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/22/2009

Vulnerability Publication Date: 4/21/2009

Reference Information

CVE: CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312

BID: 34656

CWE: 16, 20, 200, 399, 79