FreeBSD : mozilla -- multiple vulnerabilities (0998e79d-0055-11e3-905b-0025905a4771)

Critical Nessus Plugin ID 69278

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 8.9

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

MFSA 2013-64 Use after free mutating DOM during SetBody

MFSA 2013-65 Buffer underflow when generating CRMF requests

MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater

MFSA 2013-67 Crash during WAV audio file decoding

MFSA 2013-68 Document URI misrepresentation and masquerading

MFSA 2013-69 CRMF requests allow for code execution and XSS attacks

MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes

MFSA 2013-71 Further Privilege escalation through Mozilla Updater

MFSA 2013-72 Wrong principal used for validating URI for some JavaScript components

MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest

MFSA 2013-74 Firefox full and stub installer DLL hijacking

MFSA 2013-75 Local Java applets may read contents of local file system

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/

https://www.mozilla.org/en-US/security/known-vulnerabilities/

http://www.nessus.org/u?5ed72e18

Plugin Details

Severity: Critical

ID: 69278

File Name: freebsd_pkg_0998e79d005511e3905b0025905a4771.nasl

Version: 1.11

Type: local

Published: 2013/08/09

Updated: 2020/09/23

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 8.9

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/08/08

Vulnerability Publication Date: 2013/08/06

Exploitable With

Metasploit (Firefox toString console.time Privileged Javascript Injection)

Reference Information

CVE: CVE-2013-1701, CVE-2013-1702, CVE-2013-1704, CVE-2013-1705, CVE-2013-1706, CVE-2013-1707, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1712, CVE-2013-1713, CVE-2013-1714, CVE-2013-1715, CVE-2013-1717