FreeBSD : mozilla -- multiple vulnerabilities (e190ca65-3636-11dc-a697-000c6ec775d9)

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Mozilla Foundation reports of multiple security issues in Firefox,
SeaMonkey, and Thunderbird. Several of these issues can probably be
used to run arbitrary code with the privilege of the user running the
program.

- MFSA 2007-25 XPCNativeWrapper pollution

- MFSA 2007-24 Unauthorized access to wyciwyg:// documents

- MFSA 2007-21 Privilege escalation using an event handler attached to
an element not in the document

- MFSA 2007-20 Frame spoofing while window is loading

- MFSA 2007-19 XSS using addEventListener and setTimeout

- MFSA 2007-18 Crashes with evidence of memory corruption

See also :

http://www.nessus.org/u?26bee3ac
http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
http://www.mozilla.org/security/announce/2007/mfsa2007-20.html
http://www.mozilla.org/security/announce/2007/mfsa2007-21.html
http://www.mozilla.org/security/announce/2007/mfsa2007-24.html
http://www.mozilla.org/security/announce/2007/mfsa2007-25.html
http://www.nessus.org/u?b9ae0106
http://www.nessus.org/u?24cccf08

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 25749 (freebsd_pkg_e190ca65363611dca697000c6ec775d9.nasl)

Bugtraq ID:

CVE ID: CVE-2007-3089
CVE-2007-3734
CVE-2007-3735
CVE-2007-3737
CVE-2007-3738

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now