FreeBSD : mozilla -- multiple vulnerabilities (978b0f76-122d-11e4-afe3-bc5ff4fb5e7b)

Critical Nessus Plugin ID 76720

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2014-66 IFRAME sandbox same-origin access through redirect

MFSA 2014-65 Certificate parsing broken by non-standard character encoding

MFSA 2014-64 Crash in Skia library when scaling high quality images

MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache

MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library

MFSA 2014-61 Use-after-free with FireOnStateChange event

MFSA 2014-60 Toolbar dialog customization event spoofing

MFSA 2014-59 Use-after-free in DirectWrite font handling

MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering

MFSA 2014-57 Buffer overflow during Web Audio buffering for playback

MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2014-56/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-57/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-58/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-59/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-60/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-61/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-63/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-64/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-65/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-66/

https://www.mozilla.org/en-US/security/advisories/

http://www.nessus.org/u?30b8d994

Plugin Details

Severity: Critical

ID: 76720

File Name: freebsd_pkg_978b0f76122d11e4afe3bc5ff4fb5e7b.nasl

Version: 1.5

Type: local

Published: 2014/07/24

Updated: 2018/11/21

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:firefox-esr, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:nss, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2014/07/23

Vulnerability Publication Date: 2014/07/22

Reference Information

CVE: CVE-2014-1544, CVE-2014-1547, CVE-2014-1548, CVE-2014-1549, CVE-2014-1550, CVE-2014-1551, CVE-2014-1552, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-1558, CVE-2014-1559, CVE-2014-1560, CVE-2014-1561