FreeBSD : mozilla -- multiple vulnerabilities (d0c97697-df2c-4b8b-bff2-cec24dc35af8)

High Nessus Plugin ID 82482

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA-2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)

MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin

MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack

MFSA-2015-33 resource:// documents can load privileged pages

MFSA-2015-34 Out of bounds read in QCMS library

MFSA-2015-35 Cursor clickjacking with flash and images

MFSA-2015-36 Incorrect memory management for simple-type arrays in WebRTC

MFSA-2015-37 CORS requests should not follow 30x redirections after preflight

MFSA-2015-38 Memory corruption crashes in Off Main Thread Compositing

MFSA-2015-39 Use-after-free due to type confusion flaws

MFSA-2015-40 Same-origin bypass through anchor navigation

MFSA-2015-41 PRNG weakness allows for DNS poisoning on Android

MFSA-2015-42 Windows can retain access to privileged content on navigation to unprivileged pages

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-31/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-32/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-34/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-35/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-36/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-37/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-40/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-41/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-42/

https://www.mozilla.org/en-US/security/advisories/

http://www.nessus.org/u?1fb120cc

Plugin Details

Severity: High

ID: 82482

File Name: freebsd_pkg_d0c97697df2c4b8bbff2cec24dc35af8.nasl

Version: 1.10

Type: local

Published: 2015/04/01

Updated: 2019/07/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:firefox-esr, p-cpe:/a:freebsd:freebsd:libxul, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/03/31

Vulnerability Publication Date: 2015/03/31

Exploitable With

Metasploit (Firefox PDF.js Privileged Javascript Injection)

Reference Information

CVE: CVE-2012-2808, CVE-2015-0800, CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804, CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808, CVE-2015-0810, CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814, CVE-2015-0815, CVE-2015-0816