Ubuntu Security Notice (C) 2008-2014 Canonical, Inc. / NASL script (C) 2013-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Several flaws were discovered in the browser engine. These problems
could allow an attacker to crash the browser and possibly execute
arbitrary code with user privileges. (CVE-2008-5500)
Boris Zbarsky discovered that the same-origin check in Firefox could
be bypassed by utilizing XBL-bindings. An attacker could exploit this
to read data from other domains. (CVE-2008-5503)
Marius Schilder discovered that Firefox did not properly handle
redirects to an outside domain when an XMLHttpRequest was made to a
same-origin resource. It's possible that sensitive information could
be revealed in the XMLHttpRequest response. (CVE-2008-5506)
Chris Evans discovered that Firefox did not properly protect a user's
into opening a malicious website, an attacker may be able to steal a
limited amount of private data. (CVE-2008-5507)
tricked into opening a malicious website, an attacker could exploit
another website or with chrome privileges. (CVE-2008-5511,
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0