FreeBSD : firefox -- multiple vulnerabilities (8b491182-f842-11dd-94d9-0030843d3802)

critical Nessus Plugin ID 35640

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Mozilla Foundation reports :

MFSA 2009-06: Directives to not cache pages ignored

MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies

MFSA 2009-04: Chrome privilege escalation via local .desktop files

MFSA 2009-03: Local file stealing with SessionStore

MFSA 2009-02: XSS using a chrome XBL method and window.eval

MFSA 2009-01: Crashes with evidence of memory corruption (rv:1.9.0.6)

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2009-01/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-02/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-03/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-04/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-05/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-06/

http://www.nessus.org/u?22e75117

Plugin Details

Severity: Critical

ID: 35640

File Name: freebsd_pkg_8b491182f84211dd94d90030843d3802.nasl

Version: 1.24

Type: local

Published: 2/12/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-seamonkey-devel, p-cpe:/a:freebsd:freebsd:linux-firefox-devel, cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:firefox

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/11/2009

Vulnerability Publication Date: 2/4/2009

Reference Information

CVE: CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0356, CVE-2009-0357, CVE-2009-0358

CWE: 200, 264, 399, 59, 79

Secunia: 33799