FreeBSD : mozilla -- multiple vulnerabilities (29f5bfc5-ce04-11dd-a721-0030843d3802)

critical Nessus Plugin ID 35241

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Foundation reports :

MFSA 2008-69 XSS vulnerabilities in SessionStore

MFSA 2008-68 XSS and JavaScript privilege escalation

MFSA 2008-67 Escaped null characters ignored by CSS parser

MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters

MFSA 2008-65 Cross-domain data theft via script redirect error message

MFSA 2008-64 XMLHttpRequest 302 response disclosure

MFSA 2008-62 Additional XSS attack vectors in feed preview

MFSA 2008-61 Information stealing via loadBindingDocument

MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2008-61/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-63/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-64/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-65/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-66/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-67/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-68/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-69/

http://www.nessus.org/u?96c16d3b

https://www.mozilla.org/en-US/security/advisories/mfsa2008-60/

Plugin Details

Severity: Critical

ID: 35241

File Name: freebsd_pkg_29f5bfc5ce0411dda7210030843d3802.nasl

Version: 1.17

Type: local

Published: 12/21/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/19/2008

Vulnerability Publication Date: 12/17/2008

Reference Information

CVE: CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5503, CVE-2008-5504, CVE-2008-5505, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513

CWE: 20, 200, 264, 399, 79