FreeBSD : mozilla -- multiple vulnerabilities (44d9daee-940c-4179-86bb-6e3ffd617869) (Logjam)

low Nessus Plugin ID 84780
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)

MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs

MFSA 2015-61 Type confusion in Indexed Database Manager

MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio

MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error

MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly

MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest

MFSA 2015-66 Vulnerabilities found through code inspection

MFSA 2015-67 Key pinning is ignored when overridable errors are encountered

MFSA 2015-68 OS X crash reports may contain entered key press information

MFSA 2015-69 Privilege escalation through internal workers

MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites

MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-60/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-61/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-63/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-64/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-67/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-68/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-70/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-71/

http://www.nessus.org/u?89f2cf85

Plugin Details

Severity: Low

ID: 84780

File Name: freebsd_pkg_44d9daee940c417986bb6e3ffd617869.nasl

Version: 2.12

Type: local

Published: 7/16/2015

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Low

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:firefox-esr, p-cpe:/a:freebsd:freebsd:libxul, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/16/2015

Vulnerability Publication Date: 7/2/2015

Reference Information

CVE: CVE-2015-2721, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725, CVE-2015-2726, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2730, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-2742, CVE-2015-2743, CVE-2015-4000