FreeBSD : mozilla -- multiple vulnerabilities (e6296105-449b-11db-ba89-000c6ec775d9)

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Mozilla Foundation reports of multiple security issues in Firefox,
SeaMonkey, and Thunderbird. Several of these issues can probably be
used to run arbitrary code with the privilege of the user running the
program.

- MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)

- MFSA 2006-63 JavaScript execution in mail via XBL

- MFSA 2006-62 Popup-blocker cross-site scripting (XSS)

- MFSA 2006-61 Frame spoofing using document.open()

- MFSA 2006-60 RSA Signature Forgery

- MFSA 2006-59 Concurrency-related vulnerability

- MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing

- MFSA 2006-57 JavaScript Regular Expression Heap Corruption

See also :

http://www.mozilla.org/security/announce/2006/mfsa2006-57.html
http://www.mozilla.org/security/announce/2006/mfsa2006-58.html
http://www.mozilla.org/security/announce/2006/mfsa2006-59.html
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
http://www.mozilla.org/security/announce/2006/mfsa2006-61.html
http://www.mozilla.org/security/announce/2006/mfsa2006-62.html
http://www.mozilla.org/security/announce/2006/mfsa2006-63.html
http://www.mozilla.org/security/announce/2006/mfsa2006-64.html
http://www.nessus.org/u?547f7e31

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22350 (freebsd_pkg_e6296105449b11dbba89000c6ec775d9.nasl)

Bugtraq ID: 20042

CVE ID: CVE-2006-4253
CVE-2006-4340
CVE-2006-4565
CVE-2006-4566
CVE-2006-4567
CVE-2006-4568
CVE-2006-4569
CVE-2006-4570
CVE-2006-4571

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now