Detections
Analytics
FreeBSD : mozilla -- multiple vulnerabilities (e3ff776b-2ba6-11e1-93c6-0011856a6e37)
critical Nessus Plugin ID 57355
Language:
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
The Mozilla Project reports :MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)
MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-55 nsSVGValue out-of-bounds access
MFSA 2011-56 Key detection without JavaScript via SVG animation
MFSA 2011-58 Crash scaling video to extreme sizes
Solution
Update the affected packages.See Also
https://www.mozilla.org/en-US/security/advisories/mfsa2011-53/
https://www.mozilla.org/en-US/security/advisories/mfsa2011-54/
https://www.mozilla.org/en-US/security/advisories/mfsa2011-55/
https://www.mozilla.org/en-US/security/advisories/mfsa2011-56/
https://www.mozilla.org/en-US/security/advisories/mfsa2011-58/
Plugin Details
Severity: Critical
ID: 57355
File Name: freebsd_pkg_e3ff776b2ba611e193c60011856a6e37.nasl
Version: 1.16
Type: local
Family: FreeBSD Local Security Checks
Published: 12/21/2011
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.5
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/21/2011
Vulnerability Publication Date: 12/20/2011
Exploitable With
CANVAS (CANVAS)
Metasploit (Firefox nsSVGValue Out-of-Bounds Access Vulnerability)
Reference Information
CVE: CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665