FreeBSD : mozilla -- multiple vulnerabilities (12b336c6-fe36-11dc-b09c-001c2514716c)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Mozilla Foundation reports of multiple security issues in Firefox,
SeaMonkey, and Thunderbird. Several of these issues can probably be
used to run arbitrary code with the privilege of the user running the
program.

- MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)

- MFSA 2008-18 Java socket connection to any local port via
LiveConnect

- MFSA 2008-17 Privacy issue with SSL Client Authentication

- MFSA 2008-16 HTTP Referrer spoofing with malformed URLs

- MFSA 2008-15 Crashes with evidence of memory corruption
(rv:1.8.1.13)

- MFSA 2008-14 JavaScript privilege escalation and arbitrary code
execution

See also :

http://www.nessus.org/u?a09ff723

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 31714 (freebsd_pkg_12b336c6fe3611dcb09c001c2514716c.nasl)

Bugtraq ID: 28448

CVE ID: CVE-2007-4879
CVE-2008-1233
CVE-2008-1234
CVE-2008-1235
CVE-2008-1236
CVE-2008-1237
CVE-2008-1238
CVE-2008-1240
CVE-2008-1241

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now