Detections
Analytics
FreeBSD : mozilla -- multiple vulnerabilities (8065d37b-8e7c-4707-a608-1b0a2b8509c3)
high Nessus Plugin ID 91509
Language:
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
Mozilla Foundation reports :MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
MFSA 2016-50 Buffer overflow parsing HTML5 fragments
MFSA 2016-51 Use-after-free deleting tables from a contenteditable document
MFSA 2016-52 Addressbar spoofing though the SELECT element
MFSA 2016-54 Partial same-origin-policy through setting location.host through data URI
MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
MFSA 2016-57 Incorrect icon displayed on permissions notifications
MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission
MFSA 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
MFSA 2016-60 Java applets bypass CSP protections
Solution
Update the affected packages.See Also
http://www.nessus.org/u?ebb97f1d
https://www.mozilla.org/en-US/security/advisories/mfsa2016-49/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-50/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-51/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-52/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-54/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-56/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-57/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-58/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-59/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-60/
Plugin Details
Severity: High
ID: 91509
File Name: freebsd_pkg_8065d37b8e7c4707a6081b0a2b8509c3.nasl
Version: 2.12
Type: local
Family: FreeBSD Local Security Checks
Published: 6/8/2016
Updated: 1/4/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 8.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:firefox-esr, p-cpe:/a:freebsd:freebsd:libxul, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/7/2016
Vulnerability Publication Date: 6/7/2016
Reference Information
CVE: CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2825, CVE-2016-2828, CVE-2016-2829, CVE-2016-2831, CVE-2016-2832, CVE-2016-2833