FreeBSD : mozilla -- multiple vulnerabilities (4a21ce2c-bb13-11df-8e32-000f20797ede)

High Nessus Plugin ID 49166

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.4

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)

MFSA 2010-50 Frameset integer overflow vulnerability

MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array

MFSA 2010-52 Windows XP DLL loading vulnerability

MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText

MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection

MFSA 2010-55 XUL tree removal crash and remote code execution

MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView

MFSA 2010-57 Crash and remote code execution in normalizeDocument

MFSA 2010-58 Crash on Mac using fuzzed font in data: URL

MFSA 2010-59 SJOW creates scope chains ending in outer object

MFSA 2010-60 XSS using SJOW scripted function

MFSA 2010-61 UTF-7 XSS by overriding document charset using object type attribute

MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS

MFSA 2010-63 Information leak via XMLHttpRequest statusText

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2010-49/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-50/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-51/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-52/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-53/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-54/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-55/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-56/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-57/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-58/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-59/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-60/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-61/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-63/

http://www.nessus.org/u?7019121f

Plugin Details

Severity: High

ID: 49166

File Name: freebsd_pkg_4a21ce2cbb1311df8e32000f20797ede.nasl

Version: 1.15

Type: local

Published: 2010/09/09

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 7.4

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:libxul, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-firefox-devel, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/09/08

Vulnerability Publication Date: 2010/09/07

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-2760, CVE-2010-2762, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3131, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169