FreeBSD : mozilla -- multiple vulnerabilities (4f00dac0-1e18-4481-95af-7aaad63fd303)

Critical Nessus Plugin ID 88512

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Mozilla Foundation reports:

MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)

MFSA 2016-02 Out of Memory crash when parsing GIF format images

MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation

MFSA 2016-04 Firefox allows for control characters to be set in cookie names

MFSA 2016-06 Missing delay following user click events in protocol handler dialog

MFSA 2016-09 Addressbar spoofing attacks

MFSA 2016-10 Unsafe memory manipulation found through code inspection

MFSA 2016-11 Application Reputation service disabled in Firefox 43

Solution

Update the affected packages.

See Also

https://www.mozilla.org/security/advisories/mfsa2016-01/

https://www.mozilla.org/security/advisories/mfsa2016-02/

https://www.mozilla.org/security/advisories/mfsa2016-03/

https://www.mozilla.org/security/advisories/mfsa2016-04/

https://www.mozilla.org/security/advisories/mfsa2016-06/

https://www.mozilla.org/security/advisories/mfsa2016-09/

https://www.mozilla.org/security/advisories/mfsa2016-10/

https://www.mozilla.org/security/advisories/mfsa2016-11/

http://www.nessus.org/u?10916cbd

Plugin Details

Severity: Critical

ID: 88512

File Name: freebsd_pkg_4f00dac01e18448195af7aaad63fd303.nasl

Version: 2.11

Type: local

Published: 2016/02/02

Modified: 2018/09/04

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSSv3

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:firefox-esr, p-cpe:/a:freebsd:freebsd:libxul, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2016/02/01

Vulnerability Publication Date: 2016/01/26

Reference Information

CVE: CVE-2015-7208, CVE-2016-1930, CVE-2016-1931, CVE-2016-1933, CVE-2016-1935, CVE-2016-1937, CVE-2016-1939, CVE-2016-1942, CVE-2016-1943, CVE-2016-1944, CVE-2016-1945, CVE-2016-1946, CVE-2016-1947