FreeBSD : Bugzilla security issues (54075861-a95a-11e5-8b40-20cf30e32f6d)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Bugzilla Security Advisory

During the generation of a dependency graph, the code for the HTML
image map is generated locally if a local dot installation is used.
With escaped HTML characters in a bug summary, it is possible to
inject unfiltered HTML code in the map file which the CreateImagemap
function generates. This could be used for a cross-site scripting
attack.

If an external HTML page contains a <script> element with its src
attribute pointing to a buglist in CSV format, some web browsers
incorrectly try to parse the CSV file as valid JavaScript code. As the
buglist is generated based on the privileges of the user logged into
Bugzilla, the external page could collect confidential data contained
in the CSV file.

See also :

https://bugzilla.mozilla.org/show_bug.cgi?id=1221518
https://bugzilla.mozilla.org/show_bug.cgi?id=1232785
http://www.nessus.org/u?eb6a2fab

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 87612

Bugtraq ID:

CVE ID: CVE-2015-8508, CVE-2015-8509
