FreeBSD : mozilla -- heap overflow in NNTP handler (3fbf9db2-658b-11d9-abad-000a95bc6fae)

medium Nessus Plugin ID 18912

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Maurycy Prodeus reports a critical vulnerability in Mozilla-based browsers :

Mozilla browser supports NNTP urls. Remote side is able to trigger news:// connection to any server. I found a flaw in NNTP handling code which may cause heap overflow and allow remote attacker to execute arbitrary code on client machine.

Solution

Update the affected packages.

See Also

https://isec.pl/en/vulnerabilities/isec-0020-mozilla.txt

https://marc.info/?l=bugtraq&m=110436284718949

http://www.nessus.org/u?fc788a63

Plugin Details

Severity: Medium

ID: 18912

File Name: freebsd_pkg_3fbf9db2658b11d9abad000a95bc6fae.nasl

Version: 1.17

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-linux-netscape, p-cpe:/a:freebsd:freebsd:de-netscape7, p-cpe:/a:freebsd:freebsd:fr-linux-netscape, p-cpe:/a:freebsd:freebsd:fr-netscape7, p-cpe:/a:freebsd:freebsd:ja-linux-netscape, p-cpe:/a:freebsd:freebsd:ja-netscape7, p-cpe:/a:freebsd:freebsd:linux-mozilla, p-cpe:/a:freebsd:freebsd:linux-mozilla-devel, p-cpe:/a:freebsd:freebsd:linux-netscape, p-cpe:/a:freebsd:freebsd:mozilla, p-cpe:/a:freebsd:freebsd:mozilla%2bipv6, p-cpe:/a:freebsd:freebsd:mozilla-embedded, p-cpe:/a:freebsd:freebsd:mozilla-gtk, p-cpe:/a:freebsd:freebsd:mozilla-gtk1, p-cpe:/a:freebsd:freebsd:mozilla-gtk2, p-cpe:/a:freebsd:freebsd:netscape7, p-cpe:/a:freebsd:freebsd:pt_br-netscape7, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/13/2005

Vulnerability Publication Date: 12/29/2004

Reference Information

CVE: CVE-2004-1316