FreeBSD : mozilla -- multiple vulnerabilities (8c2ea875-9499-11df-8e32-000f20797ede)

High Nessus Plugin ID 47794

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)

MFSA 2010-35 DOM attribute cloning remote code execution vulnerability

MFSA 2010-36 Use-after-free error in NodeIterator

MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability

MFSA 2010-38 Arbitrary code execution using SJOW and fast native function

MFSA 2010-39 nsCSSValue::Array index integer overflow

MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability

MFSA 2010-41 Remote code execution using malformed PNG image

MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts

MFSA 2010-43 Same-origin bypass using canvas context

MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish

MFSA 2010-45 Multiple location bar spoofing vulnerabilities

MFSA 2010-46 Cross-domain data theft using CSS

MFSA 2010-47 Cross-origin data leakage from script filename in error messages

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2010-34/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-35/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-36/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-37/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-38/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-39/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-40/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-41/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-42/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-43/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-44/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-45/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-46/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-47/

http://www.nessus.org/u?bc98ecc0

Plugin Details

Severity: High

ID: 47794

File Name: freebsd_pkg_8c2ea875949911df8e32000f20797ede.nasl

Version: 1.16

Type: local

Published: 2010/07/22

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-firefox-devel, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2010/07/21

Vulnerability Publication Date: 2010/07/20

Reference Information

CVE: CVE-2010-0654, CVE-2010-1205, CVE-2010-1206, CVE-2010-1207, CVE-2010-1208, CVE-2010-1209, CVE-2010-1210, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-1214, CVE-2010-1215, CVE-2010-2751, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754

CWE: 94