FreeBSD : mozilla -- privilege escalation via non-DOM property overrides (a6427195-c2c7-11d9-89f7-02061b08fc24)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Mozilla Foundation Security Advisory reports :

Additional checks were added to make sure JavaScript eval and Script
objects are run with the privileges of the context that created them,
not the potentially elevated privilege of the context calling them in
order to protect against an additional variant of MFSA 2005-41.

The Mozilla Foundation Security Advisory MFSA 2005-41 reports :

moz_bug_r_a4 reported several exploits giving an attacker the ability
to install malicious code or steal data, requiring only that the user
do commonplace actions like click on a link or open the context menu.

See also :

http://www.mozilla.org/security/announce/mfsa2005-44.html
http://www.nessus.org/u?351415cc

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19063 (freebsd_pkg_a6427195c2c711d989f702061b08fc24.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now