FreeBSD : mozilla -- multiple vulnerabilities (0998e79d-0055-11e3-905b-0025905a4771)

critical Nessus Plugin ID 69278

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Project reports :

MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

MFSA 2013-64 Use after free mutating DOM during SetBody

MFSA 2013-65 Buffer underflow when generating CRMF requests

MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater

MFSA 2013-67 Crash during WAV audio file decoding

MFSA 2013-68 Document URI misrepresentation and masquerading

MFSA 2013-69 CRMF requests allow for code execution and XSS attacks

MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes

MFSA 2013-71 Further Privilege escalation through Mozilla Updater

MFSA 2013-72 Wrong principal used for validating URI for some JavaScript components

MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest

MFSA 2013-74 Firefox full and stub installer DLL hijacking

MFSA 2013-75 Local Java applets may read contents of local file system

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2013-63/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-64/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-65/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-66/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-67/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-68/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-69/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-70/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-71/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-72/

https://www.mozilla.org/en-US/security/known-vulnerabilities/

http://www.nessus.org/u?5ed72e18

Plugin Details

Severity: Critical

ID: 69278

File Name: freebsd_pkg_0998e79d005511e3905b0025905a4771.nasl

Version: 1.12

Type: local

Published: 8/9/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:linux-seamonkey, cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:firefox

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/8/2013

Vulnerability Publication Date: 8/6/2013

Exploitable With

Metasploit (Firefox toString console.time Privileged Javascript Injection)

Reference Information

CVE: CVE-2013-1701, CVE-2013-1702, CVE-2013-1704, CVE-2013-1705, CVE-2013-1706, CVE-2013-1707, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1712, CVE-2013-1713, CVE-2013-1714, CVE-2013-1715, CVE-2013-1717