Ubuntu Security Notice (C) 2007-2014 Canonical, Inc. / NASL script (C) 2007-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that Firefox incorrectly associated redirected sites
as the origin of 'jar:' contents. A malicious website could exploit
this to modify or steal confidential data (such as passwords) from
other web sites. (CVE-2007-5947)
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-5959)
manipulate Firefox's Referer header. A malicious website could exploit
this to conduct cross-site request forgeries against sites that relied
only on Referer headers for protection from such attacks.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 9.3