FreeBSD : mozilla -- multiple vulnerabilities (4a21ce2c-bb13-11df-8e32-000f20797ede)

high Nessus Plugin ID 49166

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)

MFSA 2010-50 Frameset integer overflow vulnerability

MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array

MFSA 2010-52 Windows XP DLL loading vulnerability

MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText

MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection

MFSA 2010-55 XUL tree removal crash and remote code execution

MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView

MFSA 2010-57 Crash and remote code execution in normalizeDocument

MFSA 2010-58 Crash on Mac using fuzzed font in data: URL

MFSA 2010-59 SJOW creates scope chains ending in outer object

MFSA 2010-60 XSS using SJOW scripted function

MFSA 2010-61 UTF-7 XSS by overriding document charset using object type attribute

MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS

MFSA 2010-63 Information leak via XMLHttpRequest statusText

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2010-49/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-50/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-51/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-52/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-53/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-54/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-55/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-56/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-57/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-58/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-59/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-60/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-61/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-63/

http://www.nessus.org/u?7019121f

Plugin Details

Severity: High

ID: 49166

File Name: freebsd_pkg_4a21ce2cbb1311df8e32000f20797ede.nasl

Version: 1.16

Type: local

Published: 9/9/2010

Updated: 1/6/2021

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:libxul, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-firefox-devel, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/8/2010

Vulnerability Publication Date: 9/7/2010

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-2760, CVE-2010-2762, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3131, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169