FreeBSD : mozilla -- multiple vulnerabilities (bfecf7c1-af47-11e1-9580-4061862b8c22)

critical Nessus Plugin ID 59381

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5)

MFSA 2012-36 Content Security Policy inline-script bypass

MFSA 2012-37 Information disclosure though Windows file shares and shortcut files

MFSA 2012-38 Use-after-free while replacing/inserting a node in a document

MFSA 2012-39 NSS parsing errors with zero length items

MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/known-vulnerabilities/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-34/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-36/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-37/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-38/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-39/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-40/

http://www.nessus.org/u?c5e22f18

Plugin Details

Severity: Critical

ID: 59381

File Name: freebsd_pkg_bfecf7c1af4711e195804061862b8c22.nasl

Version: 1.11

Type: local

Published: 6/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:libxul, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 6/5/2012

Vulnerability Publication Date: 6/5/2012

Reference Information

CVE: CVE-2011-3101, CVE-2012-0441, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947