FreeBSD : mozilla -- multiple vulnerabilities (2d56c7f4-b354-428f-8f48-38150c607a05)

High Nessus Plugin ID 86079

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)

MFSA 2015-97 Memory leak in mozTCPSocket to servers

MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes

MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme

MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater

MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video

MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript

MFSA 2015-103 URL spoofing in reader mode

MFSA 2015-104 Use-after-free with shared workers and IndexedDB

MFSA 2015-105 Buffer overflow while decoding WebM video

MFSA 2015-106 Use-after-free while manipulating HTML media content

MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems

MFSA 2015-108 Scripted proxies can access inner window

MFSA 2015-109 JavaScript immutable property enforcement can be bypassed

MFSA 2015-110 Dragging and dropping images exposes final URL after redirects

MFSA 2015-111 Errors in the handling of CORS preflight request headers

MFSA 2015-112 Vulnerabilities found through code inspection

MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library

MFSA 2015-114 Information disclosure via the High Resolution Time API

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-98/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-99/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-100/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-101/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-102/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-103/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-104/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-105/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-106/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-107/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-108/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-109/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-111/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-113/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-114/

http://www.nessus.org/u?ae1ba50a

Plugin Details

Severity: High

ID: 86079

File Name: freebsd_pkg_2d56c7f4b354428f8f4838150c607a05.nasl

Version: 2.9

Type: local

Published: 2015/09/23

Updated: 2020/09/23

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:firefox-esr, p-cpe:/a:freebsd:freebsd:libxul, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/09/22

Vulnerability Publication Date: 2015/09/22

Reference Information

CVE: CVE-2015-4476, CVE-2015-4500, CVE-2015-4501, CVE-2015-4502, CVE-2015-4503, CVE-2015-4504, CVE-2015-4505, CVE-2015-4506, CVE-2015-4507, CVE-2015-4508, CVE-2015-4509, CVE-2015-4510, CVE-2015-4512, CVE-2015-4516, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7178, CVE-2015-7179, CVE-2015-7180