FreeBSD : mozilla -- multiple vulnerabilities (01c57d20-ea26-11de-bd39-00248c9b4be7)

high Nessus Plugin ID 43176

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Mozilla Project reports :

MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects

MFSA 2009-70 Privilege escalation via chrome window.opener

MFSA 2009-69 Location bar spoofing vulnerabilities

MFSA 2009-68 NTLM reflection vulnerability

MFSA 2009-67 Integer overflow, crash in libtheora video library

MFSA 2009-66 Memory safety fixes in liboggplay media library

MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2009-71/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-70/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-69/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-68/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-67/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-66/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-65/

http://www.nessus.org/u?7b1eadff

Plugin Details

Severity: High

ID: 43176

File Name: freebsd_pkg_01c57d20ea2611debd3900248c9b4be7.nasl

Version: 1.19

Type: local

Published: 12/17/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/16/2009

Vulnerability Publication Date: 12/16/2009

Reference Information

CVE: CVE-2009-3388, CVE-2009-3389, CVE-2009-3979, CVE-2009-3980, CVE-2009-3981, CVE-2009-3982, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985, CVE-2009-3986

CWE: 189, 399, 94