FreeBSD : mozilla -- multiple vulnerabilities (8c2ea875-9499-11df-8e32-000f20797ede)

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Mozilla Project reports :

MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/
1.9.1.11)

MFSA 2010-35 DOM attribute cloning remote code execution vulnerability

MFSA 2010-36 Use-after-free error in NodeIterator

MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code
execution vulnerability

MFSA 2010-38 Arbitrary code execution using SJOW and fast native
function

MFSA 2010-39 nsCSSValue::Array index integer overflow

MFSA 2010-40 nsTreeSelection dangling pointer remote code execution
vulnerability

MFSA 2010-41 Remote code execution using malformed PNG image

MFSA 2010-42 Cross-origin data disclosure via Web Workers and
importScripts

MFSA 2010-43 Same-origin bypass using canvas context

MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause
subsequent character to vanish

MFSA 2010-45 Multiple location bar spoofing vulnerabilities

MFSA 2010-46 Cross-domain data theft using CSS

MFSA 2010-47 Cross-origin data leakage from script filename in error
messages

See also :

http://www.mozilla.org/security/announce/2010/mfsa2010-34.html
http://www.mozilla.org/security/announce/2010/mfsa2010-35.html
http://www.mozilla.org/security/announce/2010/mfsa2010-36.html
http://www.mozilla.org/security/announce/2010/mfsa2010-37.html
http://www.mozilla.org/security/announce/2010/mfsa2010-38.html
http://www.mozilla.org/security/announce/2010/mfsa2010-39.html
http://www.mozilla.org/security/announce/2010/mfsa2010-40.html
http://www.mozilla.org/security/announce/2010/mfsa2010-41.html
http://www.mozilla.org/security/announce/2010/mfsa2010-42.html
http://www.mozilla.org/security/announce/2010/mfsa2010-43.html
http://www.mozilla.org/security/announce/2010/mfsa2010-44.html
http://www.mozilla.org/security/announce/2010/mfsa2010-45.html
http://www.mozilla.org/security/announce/2010/mfsa2010-46.html
http://www.mozilla.org/security/announce/2010/mfsa2010-47.html
http://www.nessus.org/u?0d3ea51e

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now