FreeBSD : mozilla -- multiple vulnerabilities (1d8ff4a2-0445-11e0-8e32-000f20797ede)

high Nessus Plugin ID 51132

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

MFSA 2010-75 Buffer overflow while line breaking after document.write with long string

MFSA 2010-76 Chrome privilege escalation with window.open and isindex element

MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree

MFSA 2010-78 Add support for OTS font sanitizer

MFSA 2010-79 Java security bypass from LiveConnect loaded via data:
URL meta refresh

MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver

MFSA 2010-81 Integer overflow vulnerability in NewIdArray

MFSA 2010-82 Incomplete fix for CVE-2010-0179

MFSA 2010-83 Location bar SSL spoofing using network error page

MFSA 2010-84 XSS hazard in multiple character encodings

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2010-74/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-75/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-76/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-77/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-78/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-79/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-80/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-81/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-82/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-83/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-84/

http://www.nessus.org/u?45e98a88

Plugin Details

Severity: High

ID: 51132

File Name: freebsd_pkg_1d8ff4a2044511e08e32000f20797ede.nasl

Version: 1.13

Type: local

Published: 12/12/2010

Updated: 1/6/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:libxul, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-firefox-devel, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/10/2010

Vulnerability Publication Date: 12/9/2010

Reference Information

CVE: CVE-2010-3766, CVE-2010-3767, CVE-2010-3768, CVE-2010-3769, CVE-2010-3770, CVE-2010-3771, CVE-2010-3772, CVE-2010-3773, CVE-2010-3774, CVE-2010-3775, CVE-2010-3776, CVE-2010-3777, CVE-2010-3778