FreeBSD : mozilla -- multiple vulnerabilities (2273879e-8a2f-11dd-a6fe-0030843d3802)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Mozilla Foundation reports :

MFSA 2008-37UTF-8 URL stack-based buffer overflow

MFSA 2008-38nsXMLDocument::OnChannelRedirect() same-origin violation

MFSA 2008-39Privilege escalation using feed preview page and XSS flaw

MFSA 2008-40Forced mouse drag

MFSA 2008-41Privilege escalation via XPCnativeWrapper pollution

MFSA 2008-42Crashes with evidence of memory corruption
(rv:1.9.0.2/1.8.1.17)

MFSA 2008-43BOM characters stripped from JavaScript before execution

MFSA 2008-44resource: traversal vulnerabilities

MFSA 2008-45XBM image uninitialized memory reading

See also :

http://www.mozilla.org/security/announce/2008/mfsa2008-37.html
http://www.mozilla.org/security/announce/2008/mfsa2008-38.html
http://www.mozilla.org/security/announce/2008/mfsa2008-39.html
http://www.mozilla.org/security/announce/2008/mfsa2008-40.html
http://www.mozilla.org/security/announce/2008/mfsa2008-41.html
http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
http://www.mozilla.org/security/announce/2008/mfsa2008-45.html
http://www.nessus.org/u?df594e47

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 34270 (freebsd_pkg_2273879e8a2f11dda6fe0030843d3802.nasl)

Bugtraq ID:

CVE ID: CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now