FreeBSD : mozilla -- multiple vulnerabilities (4a21ce2c-bb13-11df-8e32-000f20797ede)

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Mozilla Project reports :

MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/
1.9.1.12)

MFSA 2010-50 Frameset integer overflow vulnerability

MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array

MFSA 2010-52 Windows XP DLL loading vulnerability

MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText

MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection

MFSA 2010-55 XUL tree removal crash and remote code execution

MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView

MFSA 2010-57 Crash and remote code execution in normalizeDocument

MFSA 2010-58 Crash on Mac using fuzzed font in data: URL

MFSA 2010-59 SJOW creates scope chains ending in outer object

MFSA 2010-60 XSS using SJOW scripted function

MFSA 2010-61 UTF-7 XSS by overriding document charset using object
type attribute

MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document
allows XSS

MFSA 2010-63 Information leak via XMLHttpRequest statusText

See also :

http://www.mozilla.org/security/announce/2010/mfsa2010-49.html
http://www.mozilla.org/security/announce/2010/mfsa2010-50.html
http://www.mozilla.org/security/announce/2010/mfsa2010-51.html
http://www.mozilla.org/security/announce/2010/mfsa2010-52.html
http://www.mozilla.org/security/announce/2010/mfsa2010-53.html
http://www.mozilla.org/security/announce/2010/mfsa2010-54.html
http://www.mozilla.org/security/announce/2010/mfsa2010-55.html
http://www.mozilla.org/security/announce/2010/mfsa2010-56.html
http://www.mozilla.org/security/announce/2010/mfsa2010-57.html
http://www.mozilla.org/security/announce/2010/mfsa2010-58.html
http://www.mozilla.org/security/announce/2010/mfsa2010-59.html
http://www.mozilla.org/security/announce/2010/mfsa2010-60.html
http://www.mozilla.org/security/announce/2010/mfsa2010-61.html
http://www.mozilla.org/security/announce/2010/mfsa2010-62.html
http://www.mozilla.org/security/announce/2010/mfsa2010-63.html
http://www.nessus.org/u?4420cf43

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 49166 (freebsd_pkg_4a21ce2cbb1311df8e32000f20797ede.nasl)

Bugtraq ID:

CVE ID: CVE-2010-2760
CVE-2010-2762
CVE-2010-2763
CVE-2010-2764
CVE-2010-2765
CVE-2010-2766
CVE-2010-2767
CVE-2010-2768
CVE-2010-2769
CVE-2010-2770
CVE-2010-3131
CVE-2010-3166
CVE-2010-3167
CVE-2010-3168
CVE-2010-3169

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now