FreeBSD : mozilla -- multiple vulnerabilities (0998e79d-0055-11e3-905b-0025905a4771)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Mozilla Project reports :

MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

MFSA 2013-64 Use after free mutating DOM during SetBody

MFSA 2013-65 Buffer underflow when generating CRMF requests

MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and
Mozilla Updater

MFSA 2013-67 Crash during WAV audio file decoding

MFSA 2013-68 Document URI misrepresentation and masquerading

MFSA 2013-69 CRMF requests allow for code execution and XSS attacks

MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes

MFSA 2013-71 Further Privilege escalation through Mozilla Updater

MFSA 2013-72 Wrong principal used for validating URI for some
JavaScript components

MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest

MFSA 2013-74 Firefox full and stub installer DLL hijacking

MFSA 2013-75 Local Java applets may read contents of local file system

See also :

https://www.mozilla.org/security/announce/2013/mfsa2013-63.html
https://www.mozilla.org/security/announce/2013/mfsa2013-64.html
https://www.mozilla.org/security/announce/2013/mfsa2013-65.html
https://www.mozilla.org/security/announce/2013/mfsa2013-66.html
https://www.mozilla.org/security/announce/2013/mfsa2013-67.html
https://www.mozilla.org/security/announce/2013/mfsa2013-68.html
https://www.mozilla.org/security/announce/2013/mfsa2013-69.html
https://www.mozilla.org/security/announce/2013/mfsa2013-70.html
https://www.mozilla.org/security/announce/2013/mfsa2013-71.html
https://www.mozilla.org/security/announce/2013/mfsa2013-72.html
http://www.mozilla.org/security/known-vulnerabilities/
http://www.nessus.org/u?1a922faa

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now