FreeBSD : mozilla -- multiple vulnerabilities (4a21ce2c-bb13-11df-8e32-000f20797ede)

high Nessus Plugin ID 49166

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)

MFSA 2010-50 Frameset integer overflow vulnerability

MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array

MFSA 2010-52 Windows XP DLL loading vulnerability

MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText

MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection

MFSA 2010-55 XUL tree removal crash and remote code execution

MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView

MFSA 2010-57 Crash and remote code execution in normalizeDocument

MFSA 2010-58 Crash on Mac using fuzzed font in data: URL

MFSA 2010-59 SJOW creates scope chains ending in outer object

MFSA 2010-60 XSS using SJOW scripted function

MFSA 2010-61 UTF-7 XSS by overriding document charset using object type attribute

MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS

MFSA 2010-63 Information leak via XMLHttpRequest statusText

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2010-49/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-50/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-51/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-52/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-53/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-54/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-55/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-56/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-57/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-58/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-59/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-60/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-61/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-63/

http://www.nessus.org/u?7019121f

Plugin Details

Severity: High

ID: 49166

File Name: freebsd_pkg_4a21ce2cbb1311df8e32000f20797ede.nasl

Version: 1.16

Type: local

Published: 9/9/2010

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:libxul, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-firefox-devel, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/8/2010

Vulnerability Publication Date: 9/7/2010

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-2760, CVE-2010-2762, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3131, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169