FreeBSD : mozilla -- privilege escalation via DOM property overrides (f650d5b8-ae62-11d9-a788-0001020eed82)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

A Mozilla Foundation Security Advisory reports :

moz_bug_r_a4 reported several exploits giving an attacker the ability
to install malicious code or steal data, requiring only that the user
do commonplace actions like click on a link or open the context menu.
The common cause in each case was privileged UI code ('chrome') being
overly trusting of DOM nodes from the content window. Scripts in the
web page can override properties and methods of DOM nodes and shadow
the native values, unless steps are taken to get the true underlying

We found that most extensions also interacted with content DOM in a
natural, but unsafe, manner. Changes were made so that chrome code
using this natural DOM coding style will now automatically use the
native DOM value if it exists without having to use cumbersome wrapper

Most of the specific exploits involved tricking the privileged code
into calling eval() on an attacker-supplied script string, or the
equivalent using the Script() object. Checks were added in the
security manager to make sure eval and Script objects are run with the
privileges of the context that created them, not the potentially
elevated privileges of the context calling them.

Workaround: Disable JavaScript

See also :

Solution :

Update the affected packages.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19171 (freebsd_pkg_f650d5b8ae6211d9a7880001020eed82.nasl)

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now