FreeBSD : mozilla -- multiple vulnerabilities (49e8f2ee-8147-11de-a994-0030843d3802)

high Nessus Plugin ID 40485

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Mozilla Project reports:

MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name longer than 15 characters

MFSA 2009-42: Compromise of SSL-protected communication

MFSA 2009-43: Heap overflow in certificate regexp parsing

MFSA 2009-44: Location bar and SSL indicator spoofing via window.open() on invalid URL

MFSA 2009-45: Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)

MFSA 2009-46: Chrome privilege escalation due to incorrectly cached wrapper

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2009-38/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-42/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-43/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-44/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-45/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-46/

http://www.nessus.org/u?b73e9fa9

Plugin Details

Severity: High

ID: 40485

File Name: freebsd_pkg_49e8f2ee814711dea9940030843d3802.nasl

Version: 1.21

Type: local

Published: 8/5/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-firefox-devel, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-seamonkey-devel, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/4/2009

Vulnerability Publication Date: 8/3/2009

Reference Information

CVE: CVE-2009-2404, CVE-2009-2408, CVE-2009-2454, CVE-2009-2470

CWE: 119, 20, 310, 79