FreeBSD : mozilla -- multiple vulnerabilities (99029172-8253-407d-9d8b-2cfeab9abf81)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Mozilla Project reports :

MFSA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL
files

MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS
protections

MFSA-2015-14 Malicious WebGL content crash when writing strings

MFSA-2015-15 TLS TURN and STUN connections silently fail to simple TCP
connections

MFSA-2015-16 Use-after-free in IndexedDB

MFSA-2015-17 Buffer overflow in libstagefright during MP4 video
playback

MFSA-2015-18 Double-free when using non-default memory allocators with
a zero-length XHR

MFSA-2015-19 Out-of-bounds read and write while rendering SVG content

MFSA-2015-20 Buffer overflow during CSS restyling

MFSA-2015-21 Buffer underflow during MP3 playback

MFSA-2015-22 Crash using DrawTarget in Cairo graphics library

MFSA-2015-23 Use-after-free in Developer Console date with OpenType
Sanitiser

MFSA-2015-24 Reading of local files through manipulation of form
autocomplete

MFSA-2015-25 Local files or privileged URLs in pages can be opened
into new tabs

MFSA-2015-26 UI Tour whitelisted sites in background tab can spoof
foreground tabs

MFSA-2015-27 Caja Compiler JavaScript sandbox bypass

See also :

https://www.mozilla.org/security/advisories/mfsa2015-11/
https://www.mozilla.org/security/advisories/mfsa2015-12/
https://www.mozilla.org/security/advisories/mfsa2015-13/
https://www.mozilla.org/security/advisories/mfsa2015-14/
https://www.mozilla.org/security/advisories/mfsa2015-15/
https://www.mozilla.org/security/advisories/mfsa2015-16/
https://www.mozilla.org/security/advisories/mfsa2015-17/
https://www.mozilla.org/security/advisories/mfsa2015-18/
https://www.mozilla.org/security/advisories/mfsa2015-19/
https://www.mozilla.org/security/advisories/mfsa2015-20/
https://www.mozilla.org/security/advisories/mfsa2015-21/
https://www.mozilla.org/security/advisories/mfsa2015-22/
https://www.mozilla.org/security/advisories/mfsa2015-23/
https://www.mozilla.org/security/advisories/mfsa2015-24/
https://www.mozilla.org/security/advisories/mfsa2015-25/
https://www.mozilla.org/security/advisories/mfsa2015-26/
https://www.mozilla.org/security/advisories/mfsa2015-27/
https://www.mozilla.org/security/advisories/
http://www.nessus.org/u?abff0cd3

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now