FreeBSD : mozilla -- multiple vulnerabilities (3b18e237-2f15-11de-9672-0030843d3802)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Mozilla Foundation reports :

MFSA 2009-22: Firefox allows Refresh header to redirect to javascript:
URIs

MFSA 2009-21: POST data sent to wrong site when saving web page with
embedded frame

MFSA 2009-20: Malicious search plugins can inject code into arbitrary
sites

MFSA 2009-19: Same-origin violations in XMLHttpRequest and
XPCNativeWrapper.toString

MFSA 2009-18: XSS hazard using third-party stylesheets and XBL
bindings

MFSA 2009-17: Same-origin violations when Adobe Flash loaded via
view-source: scheme

MFSA 2009-16: jar: scheme ignores the content-disposition: header on
the inner URI

MFSA 2009-15: URL spoofing with box drawing character

MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

See also :

http://www.mozilla.org/security/announce/2009/mfsa2009-22.html
http://www.mozilla.org/security/announce/2009/mfsa2009-21.html
http://www.mozilla.org/security/announce/2009/mfsa2009-20.html
http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
http://www.mozilla.org/security/announce/2009/mfsa2009-15.html
http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
http://www.nessus.org/u?3fe43ca4

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36212 (freebsd_pkg_3b18e2372f1511de96720030843d3802.nasl)

Bugtraq ID: 34656

CVE ID: CVE-2009-1302
CVE-2009-1303
CVE-2009-1304
CVE-2009-1305
CVE-2009-1306
CVE-2009-1307
CVE-2009-1308
CVE-2009-1309
CVE-2009-1310
CVE-2009-1311
CVE-2009-1312

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now