FreeBSD : mozilla -- multiple vulnerabilities (512c0ffd-cd39-4da4-b2dc-81ff4ba8e238)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Mozilla Foundation reports :

CVE-2016-9894: Buffer overflow in SkiaGL

CVE-2016-9899: Use-after-free while manipulating DOM events and audio
elements

CVE-2016-9895: CSP bypass using marquee tag

CVE-2016-9896: Use-after-free with WebVR

CVE-2016-9897: Memory corruption in libGLES

CVE-2016-9898: Use-after-free in Editor while manipulating DOM
subtrees

CVE-2016-9900: Restricted external resources can be loaded by SVG
images through data URLs

CVE-2016-9904: Cross-origin information leak in shared atoms

CVE-2016-9901: Data from Pocket server improperly sanitized before
execution

CVE-2016-9902: Pocket extension does not validate the origin of events

CVE-2016-9903: XSS injection vulnerability in add-ons SDK

CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1

CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox
ESR 45.6

See also :

https://www.mozilla.org/security/advisories/mfsa2016-94/
https://www.mozilla.org/security/advisories/mfsa2016-95/
http://www.nessus.org/u?4e1dd1fe

Solution :

Update the affected packages.

Risk factor :

High

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now