FreeBSD : mozilla -- multiple vulnerabilities (99029172-8253-407d-9d8b-2cfeab9abf81)

high Nessus Plugin ID 81588

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL files

MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections

MFSA-2015-14 Malicious WebGL content crash when writing strings

MFSA-2015-15 TLS TURN and STUN connections silently fail to simple TCP connections

MFSA-2015-16 Use-after-free in IndexedDB

MFSA-2015-17 Buffer overflow in libstagefright during MP4 video playback

MFSA-2015-18 Double-free when using non-default memory allocators with a zero-length XHR

MFSA-2015-19 Out-of-bounds read and write while rendering SVG content

MFSA-2015-20 Buffer overflow during CSS restyling

MFSA-2015-21 Buffer underflow during MP3 playback

MFSA-2015-22 Crash using DrawTarget in Cairo graphics library

MFSA-2015-23 Use-after-free in Developer Console date with OpenType Sanitiser

MFSA-2015-24 Reading of local files through manipulation of form autocomplete

MFSA-2015-25 Local files or privileged URLs in pages can be opened into new tabs

MFSA-2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs

MFSA-2015-27 Caja Compiler JavaScript sandbox bypass

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2015-12/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-13/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-14/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-15/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-20/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-21/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-22/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-23/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-25/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-26/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-27/

https://www.mozilla.org/en-US/security/advisories/

http://www.nessus.org/u?e859c381

https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/

Plugin Details

Severity: High

ID: 81588

File Name: freebsd_pkg_990291728253407d9d8b2cfeab9abf81.nasl

Version: 1.9

Type: local

Published: 3/2/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox-esr, p-cpe:/a:freebsd:freebsd:thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:libxul, cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:firefox

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/27/2015

Vulnerability Publication Date: 2/24/2015

Reference Information

CVE: CVE-2015-0819, CVE-2015-0820, CVE-2015-0821, CVE-2015-0822, CVE-2015-0823, CVE-2015-0824, CVE-2015-0825, CVE-2015-0826, CVE-2015-0827, CVE-2015-0828, CVE-2015-0829, CVE-2015-0830, CVE-2015-0831, CVE-2015-0832, CVE-2015-0833, CVE-2015-0834, CVE-2015-0835, CVE-2015-0836