FreeBSD : mozilla -- multiple vulnerabilities (d23119df-335d-11e2-b64c-c8600054b392)
high Nessus Plugin ID 62979
Language:
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
The Mozilla Project reports :MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-98 Firefox installer DLL hijacking
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-104 CSS and HTML injection through Style Inspector
MFSA 2012-105 Use-after-free and buffer overflow issues found
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
Solution
Update the affected packages.See Also
https://www.mozilla.org/en-US/security/advisories/mfsa2012-90/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-91/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-92/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-93/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-94/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-95/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-96/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-97/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-99/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-100/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-101/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-102/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-103/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-104/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-105/
https://www.mozilla.org/en-US/security/advisories/mfsa2012-106/
https://www.mozilla.org/en-US/security/known-vulnerabilities/
Plugin Details
Severity: High
ID: 62979
File Name: freebsd_pkg_d23119df335d11e2b64cc8600054b392.nasl
Version: 1.15
Type: local
Family: FreeBSD Local Security Checks
Published: 11/21/2012
Updated: 1/6/2021
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:libxul, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 11/20/2012
Vulnerability Publication Date: 11/20/2012
Reference Information
CVE: CVE-2012-4201, CVE-2012-4202, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4206, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4210, CVE-2012-4212, CVE-2012-4213, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-4217, CVE-2012-4218, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5836, CVE-2012-5837, CVE-2012-5838, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842, CVE-2012-5843