FreeBSD : mozilla -- multiple vulnerabilities (1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8)

critical Nessus Plugin ID 72312

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

MFSA 2014-02 Clone protected content with XBL scopes

MFSA 2014-03 UI selection timeout missing on download prompts

MFSA 2014-04 Incorrect use of discarded images by RasterImage

MFSA 2014-05 Information disclosure with *FromPoint on iframes

MFSA 2014-06 Profile path leaks to Android system log

MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy

MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing

MFSA 2014-09 Cross-origin information leak through web workers

MFSA 2014-10 Firefox default start page UI content invokable by script

MFSA 2014-11 Crash when using web workers with asm.js

MFSA 2014-12 NSS ticket handling issues

MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2014-01/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-02/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-03/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-04/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-05/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-06/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-07/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-08/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-09/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-10/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-11/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-12/

https://www.mozilla.org/en-US/security/known-vulnerabilities/

http://www.nessus.org/u?b25afc14

Plugin Details

Severity: Critical

ID: 72312

File Name: freebsd_pkg_1753f0ff8dd511e39b45b4b52fce4ce8.nasl

Version: 1.10

Type: local

Published: 2/5/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/4/2014

Vulnerability Publication Date: 2/4/2014

Reference Information

CVE: CVE-2014-1477, CVE-2014-1478, CVE-2014-1479, CVE-2014-1480, CVE-2014-1481, CVE-2014-1482, CVE-2014-1483, CVE-2014-1484, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1488, CVE-2014-1489, CVE-2014-1490, CVE-2014-1491