Ubuntu Security Notice (C) 2008-2015 Canonical, Inc. / NASL script (C) 2008-2015 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required
that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the
A flaw was discovered in the browser engine. A variable could be made
to overflow causing the browser to crash. If a user were tricked into
opening a malicious web page, an attacker could cause a denial of
service or possibly execute arbitrary code with the privileges of the
user invoking the program. (CVE-2008-2785)
Billy Rios discovered that Firefox and xulrunner, as used by
browsers such as Epiphany, did not properly perform URI
splitting with pipe symbols when passed a command-line URI.
If Firefox or xulrunner were passed a malicious URL, an
attacker may be able to execute local content with chrome
Update the affected packages.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false