FreeBSD : mozilla -- multiple vulnerabilities (bd62c640-9bb9-11e4-a5ad-000c297fb80f)

high Nessus Plugin ID 80538

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports:

MFSA-2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)

MFSA-2015-02 Uninitialized memory use during bitmap rendering

MFSA-2015-03 sendBeacon requests lack an Origin header

MFSA-2015-04 Cookie injection through Proxy Authenticate responses

MFSA-2015-05 Read of uninitialized memory in Web Audio

MFSA-2015-06 Read-after-free in WebRTC

MFSA-2015-07 Gecko Media Plugin sandbox escape

MFSA-2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension

MFSA-2015-09 XrayWrapper bypass through DOM objects

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2015-01/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-02/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-03/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-04/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-05/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-06/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-07/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-08/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-09/

https://www.mozilla.org/en-US/security/advisories/

http://www.nessus.org/u?a25533e4

Plugin Details

Severity: High

ID: 80538

File Name: freebsd_pkg_bd62c6409bb911e4a5ad000c297fb80f.nasl

Version: 1.11

Type: local

Published: 1/15/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:firefox-esr, p-cpe:/a:freebsd:freebsd:libxul, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/14/2015

Vulnerability Publication Date: 1/13/2015

Exploitable With

Metasploit (Firefox Proxy Prototype Privileged Javascript Injection)

Reference Information

CVE: CVE-2014-8634, CVE-2014-8635, CVE-2014-8636, CVE-2014-8637, CVE-2014-8638, CVE-2014-8639, CVE-2014-8640, CVE-2014-8641, CVE-2014-8642, CVE-2014-8643