FreeBSD : mozilla -- multiple vulnerabilities (c87aa2d2-c3c4-11de-ab08-000f20797ede)

Critical Nessus Plugin ID 42298

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.4

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Mozilla Foundation reports :

MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)

MFSA 2009-63 Upgrade media libraries to fix memory safety bugs

MFSA 2009-62 Download filename spoofing with RTL override

MFSA 2009-61 Cross-origin data theft through document.getSelection()

MFSA 2009-59 Heap buffer overflow in string to number conversion

MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()

MFSA 2009-56 Heap buffer overflow in GIF color map parser

MFSA 2009-55 Crash in proxy auto-configuration regexp parsing

MFSA 2009-54 Crash with recursive web-worker calls

MFSA 2009-53 Local downloaded file tampering

MFSA 2009-52 Form history vulnerable to stealing

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2009-64/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-63/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-61/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-59/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-57/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-56/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-55/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-54/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-53/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-52/

http://www.nessus.org/u?037fddbc

Plugin Details

Severity: Critical

ID: 42298

File Name: freebsd_pkg_c87aa2d2c3c411deab08000f20797ede.nasl

Version: 1.19

Type: local

Published: 2009/10/29

Updated: 2021/01/06

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 7.4

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:seamonkey, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2009/10/28

Vulnerability Publication Date: 2009/10/27

Reference Information

CVE: CVE-2009-0689, CVE-2009-3274, CVE-2009-3370, CVE-2009-3371, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3377, CVE-2009-3378, CVE-2009-3379, CVE-2009-3380, CVE-2009-3381, CVE-2009-3382, CVE-2009-3383

CWE: 16, 119, 264, 399