FreeBSD : mozilla -- multiple vulnerabilities (2c57c47e-8bb3-4694-83c8-9fc3abad3964)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Mozilla Foundation reports :

CVE-2016-2827 - Out-of-bounds read in
mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR
45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in
nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in
PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in
mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState
[high]

CVE-2016-5275 - global-buffer-overflow in
mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in
mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame
[critical]

CVE-2016-5279 - Full local path of files is available to web pages
after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in
mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from
non-whitelisted schemes [moderate]

CVE-2016-5283 - <iframe src> fragment timing attack can reveal
cross-origin data [high]

CVE-2016-5284 - Add-on update site certificate pin expiration [high]

See also :

https://www.mozilla.org/security/advisories/mfsa2016-85/
https://www.mozilla.org/security/advisories/mfsa2016-86/
https://www.mozilla.org/security/advisories/mfsa2016-88/
http://www.nessus.org/u?aab88106

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
