Detections
Analytics
FreeBSD : mozilla -- multiple vulnerabilities (610de647-af8d-11e3-a25b-b4b52fce4ce8)
critical Nessus Plugin ID 73111
Language:
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
The Mozilla Project reports :MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-20 onbeforeunload and JavaScript navigation DOS
MFSA 2014-21 Local file access via Open Link in new tab
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-24 Android Crash Reporter open to manipulation
MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
Solution
Update the affected packages.See Also
https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-22/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-23/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-24/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-25/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/
https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/
https://www.mozilla.org/en-US/security/known-vulnerabilities/
Plugin Details
Severity: Critical
ID: 73111
File Name: freebsd_pkg_610de647af8d11e3a25bb4b52fce4ce8.nasl
Version: 1.17
Type: local
Family: FreeBSD Local Security Checks
Published: 3/20/2014
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.5
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:firefox-esr, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/19/2014
Vulnerability Publication Date: 3/19/2014
Exploitable With
Metasploit (Firefox WebIDL Privileged Javascript Injection)
Reference Information
CVE: CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1501, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1506, CVE-2014-1507, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514