FreeBSD : mozilla -- multiple vulnerabilities (610de647-af8d-11e3-a25b-b4b52fce4ce8)

critical Nessus Plugin ID 73111

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

MFSA 2014-16 Files extracted during updates are not always read only

MFSA 2014-17 Out of bounds read during WAV file decoding

MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key

MFSA 2014-19 Spoofing attack on WebRTC permission prompt

MFSA 2014-20 onbeforeunload and JavaScript navigation DOS

MFSA 2014-21 Local file access via Open Link in new tab

MFSA 2014-22 WebGL content injection from one domain to rendering in another

MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore

MFSA 2014-24 Android Crash Reporter open to manipulation

MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape

MFSA 2014-26 Information disclosure through polygon rendering in MathML

MFSA 2014-27 Memory corruption in Cairo during PDF font rendering

MFSA 2014-28 SVG filters information disclosure through feDisplacementMap

MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs

MFSA 2014-30 Use-after-free in TypeObject

MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects

MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-20/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-21/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-22/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-23/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-24/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-25/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/

https://www.mozilla.org/en-US/security/known-vulnerabilities/

http://www.nessus.org/u?614cdee7

Plugin Details

Severity: Critical

ID: 73111

File Name: freebsd_pkg_610de647af8d11e3a25bb4b52fce4ce8.nasl

Version: 1.17

Type: local

Published: 3/20/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:firefox-esr, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/19/2014

Vulnerability Publication Date: 3/19/2014

Exploitable With

Metasploit (Firefox WebIDL Privileged Javascript Injection)

Reference Information

CVE: CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1501, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1506, CVE-2014-1507, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514