FreeBSD : mozilla -- multiple vulnerabilities (2273879e-8a2f-11dd-a6fe-0030843d3802)

critical Nessus Plugin ID 34270

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Foundation reports:

MFSA 2008-37 UTF-8 URL stack-based buffer overflow

MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation

MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw

MFSA 2008-40 Forced mouse drag

MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution

MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)

MFSA 2008-43 BOM characters stripped from JavaScript before execution

MFSA 2008-44 resource: traversal vulnerabilities

MFSA 2008-45 XBM image uninitialized memory reading

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2008-37/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-38/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-39/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-40/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-41/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-42/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-43/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-44/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-45/

http://www.nessus.org/u?3e7b079c

Plugin Details

Severity: Critical

ID: 34270

File Name: freebsd_pkg_2273879e8a2f11dda6fe0030843d3802.nasl

Version: 1.26

Type: local

Published: 9/24/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:flock, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-firefox-devel, p-cpe:/a:freebsd:freebsd:linux-flock, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-seamonkey-devel, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/24/2008

Vulnerability Publication Date: 9/24/2008

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069

CWE: 119, 189, 200, 22, 264, 399, 79