FreeBSD : mozilla -- multiple vulnerabilities (e2a92664-1d60-11db-88cf-000c6ec775d9)

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Mozilla Foundation Security Advisory reports of multiple issues.
Several of which can be used to run arbitrary code with the privilege
of the user running the program.

- MFSA 2006-56 chrome: scheme loading remote content

- MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)

- MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)

- MFSA 2006-53 UniversalBrowserRead privilege escalation

- MFSA 2006-52 PAC privilege escalation using Function.prototype.call

- MFSA 2006-51 Privilege escalation using named-functions and
redefined 'new Object()'

- MFSA 2006-50 JavaScript engine vulnerabilities

- MFSA 2006-49 Heap buffer overwrite on malformed VCard

- MFSA 2006-48 JavaScript new Function race condition

- MFSA 2006-47 Native DOM methods can be hijacked across domains

- MFSA 2006-46 Memory corruption with simultaneous events

- MFSA 2006-45 JavaScript navigator Object Vulnerability

- MFSA 2006-44 Code execution through deleted frame reference

See also :

http://www.nessus.org/u?69974ef6
http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
http://www.mozilla.org/security/announce/2006/mfsa2006-56.html
http://www.nessus.org/u?d9344f78

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22105 (freebsd_pkg_e2a926641d6011db88cf000c6ec775d9.nasl)

Bugtraq ID:

CVE ID: CVE-2006-3113
CVE-2006-3677
CVE-2006-3801
CVE-2006-3802
CVE-2006-3803
CVE-2006-3804
CVE-2006-3805
CVE-2006-3806
CVE-2006-3807
CVE-2006-3808
CVE-2006-3809
CVE-2006-3810
CVE-2006-3811
CVE-2006-3812

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now