Ubuntu Security Notice (C) 2007-2015 Canonical, Inc. / NASL script (C) 2007-2015 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
A flaw was discovered in handling of 'about:blank' windows used by
addons. A malicious website could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
Jesper Johansson discovered that spaces and double-quotes were not
correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web
page, an attacker could execute helpers with arbitrary arguments with
the user's privileges. (CVE-2007-3845).
Update the affected packages.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 28095 ()
Bugtraq ID: 2505325142
CVE ID: CVE-2007-3844CVE-2007-3845
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.