FreeBSD : mozilla -- multiple vulnerabilities (84630f4a-cd8c-11da-b7b9-000c6ec775d9)

critical Nessus Plugin ID 21461

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A Mozilla Foundation Security Advisory reports multiple issues, several of which can be used to run arbitrary code with the privileges of the user running the program.

- MFSA 2006-29 Spoofing with translucent windows

- MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented

- MFSA 2006-26 Mail Multiple Information Disclosure

- MFSA 2006-25 Privilege escalation through Print Preview

- MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest

- MFSA 2006-23 File stealing by changing input type

- MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability

- MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)

- MFSA 2006-19 Cross-site scripting using .valueOf.call()

- MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability

- MFSA 2006-17 cross-site scripting through window.controllers

- MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()

- MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent

- MFSA 2006-14 Privilege escalation via XBL.method.eval

- MFSA 2006-13 Downloading executables with 'Save Image As...'

- MFSA 2006-12 Secure-site spoof (requires security warning dialog)

- MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)

- MFSA 2006-10 JavaScript garbage-collection hazard audit

- MFSA 2006-09 Cross-site JavaScript injection using event handlers

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2006-09/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-10/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-11/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-12/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-13/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-14/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-15/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-16/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-17/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-18/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-19/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-20/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-22/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-23/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-25/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-26/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-28/

https://www.mozilla.org/en-US/security/advisories/mfsa2006-29/

https://www.zerodayinitiative.com/advisories/ZDI-06-010.html

http://www.nessus.org/u?6fa96c5c

http://www.nessus.org/u?415f7da4

Plugin Details

Severity: Critical

ID: 21461

File Name: freebsd_pkg_84630f4acd8c11dab7b9000c6ec775d9.nasl

Version: 1.21

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-mozilla, p-cpe:/a:freebsd:freebsd:linux-mozilla-devel, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:mozilla, p-cpe:/a:freebsd:freebsd:mozilla-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/16/2006

Vulnerability Publication Date: 4/13/2006

Reference Information

CVE: CVE-2006-0749, CVE-2006-1045, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723, CVE-2006-1724, CVE-2006-1725, CVE-2006-1726, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731, CVE-2006-1732, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1736, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1740, CVE-2006-1741, CVE-2006-1742, CVE-2006-1790