Ubuntu Security Notice (C) 2009-2013 Canonical, Inc. / NASL script (C) 2009-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Firefox. If a user were tricked into viewing a malicious website, a
remote attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837,
Pavel Cvrcek discovered that Firefox would sometimes display certain
invalid Unicode characters as whitespace. An attacker could exploit
this to spoof the location bar, such as in a phishing attack.
Gregory Fleischer, Adam Barth and Collin Jackson discovered that
Firefox would allow access to local files from resources loaded via
the file: protocol. If a user were tricked into downloading then
opening a malicious file, an attacker could steal potentially
sensitive information. (CVE-2009-1835, CVE-2009-1839)
Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that
Firefox did not properly handle error responses when connecting to a
proxy server. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to view
sensitive information. (CVE-2009-1836)
Wladimir Palant discovered Firefox did not check content-loading
policies when loading external script files into XUL documents. As a
result, Firefox might load malicious content under certain
It was discovered that Firefox could be made to run scripts with
elevated privileges. If a user were tricked into viewing a malicious
website, an attacker could cause a chrome privileged object, such as
the browser sidebar, to run arbitrary code via interactions with the
attacker controlled website. (CVE-2009-1841).
Update the affected packages.
Risk factor :
High / CVSS Base Score : 9.3