FreeBSD : mozilla -- multiple vulnerabilities (f29fea8f-b19f-11dd-a55e-00163e000016)

Critical Nessus Plugin ID 34771

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Foundation reports :

MFSA 2008-58 Parsing error in E4X default namespace

MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals

MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation

MFSA 2008-55 Crash and remote code execution in nsFrameManager

MFSA 2008-54 Buffer overflow in http-index-format parser

MFSA 2008-53 XSS and JavaScript privilege escalation via session restore

MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)

MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome

MFSA 2008-50 Crash and remote code execution via __proto__ tampering

MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading

MFSA 2008-48 Image stealing via canvas and HTTP redirect

MFSA 2008-47 Information stealing via local shortcut files

MFSA 2008-46 Heap overflow when canceling newsgroup message

MFSA 2008-44 resource: traversal vulnerabilities

MFSA 2008-43 BOM characters stripped from JavaScript before execution

MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)

MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution

MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation

MFSA 2008-37 UTF-8 URL stack-based buffer overflow

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2008-47/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-48/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-49/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-50/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-51/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-52/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-53/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-54/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-55/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-56/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-57/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-58/

http://www.nessus.org/u?1fc3fd5f

Plugin Details

Severity: Critical

ID: 34771

File Name: freebsd_pkg_f29fea8fb19f11dda55e00163e000016.nasl

Version: 1.20

Type: local

Published: 2008/11/14

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2008/11/13

Vulnerability Publication Date: 2008/11/13

Reference Information

CVE: CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024

CWE: 20, 79, 94, 119, 189, 200, 264, 287, 399