FreeBSD : mozilla -- multiple vulnerabilities (84630f4a-cd8c-11da-b7b9-000c6ec775d9)

Critical Nessus Plugin ID 21461

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A Mozilla Foundation Security Advisory reports of multiple issues.
Several of which can be used to run arbitrary code with the privilege of the user running the program.

- MFSA 2006-29 Spoofing with translucent windows

- MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented

- MFSA 2006-26 Mail Multiple Information Disclosure

- MFSA 2006-25 Privilege escalation through Print Preview

- MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest

- MFSA 2006-23 File stealing by changing input type

- MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability

- MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)

- MFSA 2006-19 Cross-site scripting using .valueOf.call()

- MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability

- MFSA 2006-17 cross-site scripting through window.controllers

- MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()

- MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent

- MFSA 2006-14 Privilege escalation via XBL.method.eval

- MFSA 2006-13 Downloading executables with 'Save Image As...'

- MFSA 2006-12 Secure-site spoof (requires security warning dialog)

- MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)

- MFSA 2006-10 JavaScript garbage-collection hazard audit

- MFSA 2006-09 Cross-site JavaScript injection using event handlers

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2006-09/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-10/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-11/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-12/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-13/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-14/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-15/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-16/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-17/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-18/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-19/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-20/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-22/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-23/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-25/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-26/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-28/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-29/

https://www.zerodayinitiative.com/advisories/ZDI-06-010.html

http://www.nessus.org/u?6fa96c5c

http://www.nessus.org/u?415f7da4

Plugin Details

Severity: Critical

ID: 21461

File Name: freebsd_pkg_84630f4acd8c11dab7b9000c6ec775d9.nasl

Version: 1.20

Type: local

Published: 2006/05/13

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 6.7

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-mozilla, p-cpe:/a:freebsd:freebsd:linux-mozilla-devel, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:mozilla, p-cpe:/a:freebsd:freebsd:mozilla-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2006/04/16

Vulnerability Publication Date: 2006/04/13

Reference Information

CVE: CVE-2006-0749, CVE-2006-1045, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723, CVE-2006-1724, CVE-2006-1725, CVE-2006-1726, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731, CVE-2006-1732, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1736, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1740, CVE-2006-1741, CVE-2006-1742, CVE-2006-1790