FreeBSD : mozilla -- multiple vulnerabilities (12bd6ecf-c430-11db-95c5-000c6ec775d9)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Mozilla Foundation reports of multiple security issues in Firefox,
SeaMonkey, and Thunderbird. Several of these issues can probably be
used to run arbitrary code with the privilege of the user running the
program.

- MFSA 2007-08 onUnload + document.write() memory corruption

- MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain
checks

- MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer
overflow

- MFSA 2007-05 XSS and local file access by opening blocked popups

- MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot

- MFSA 2007-03 Information disclosure through cache collisions

- MFSA 2007-02 Improvements to help protect against Cross-Site
Scripting attacks

- MFSA 2007-01 Crashes with evidence of memory corruption
(rv:1.8.0.10/1.8.1.2)

See also :

http://www.nessus.org/u?33a699df
http://www.nessus.org/u?ca72b322
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
http://www.mozilla.org/security/announce/2007/mfsa2007-08.html
http://www.nessus.org/u?3d91bf6e

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 24705 (freebsd_pkg_12bd6ecfc43011db95c5000c6ec775d9.nasl)

Bugtraq ID:

CVE ID: CVE-2006-6077
CVE-2007-0008
CVE-2007-0009
CVE-2007-0775
CVE-2007-0776
CVE-2007-0777
CVE-2007-0778
CVE-2007-0779
CVE-2007-0780
CVE-2007-0800
CVE-2007-0981
CVE-2007-0995
CVE-2007-1092

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now