Ubuntu Security Notice (C) 2008-2016 Canonical, Inc. / NASL script (C) 2009-2016 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related
Justin Schuh, Tom Cross and Peter Williams discovered errors in the
Firefox URL parsing routines. If a user were tricked into opening a
crafted hyperlink, an attacker could overflow a stack buffer and
execute arbitrary code. (CVE-2008-0016)
It was discovered that the same-origin check in Firefox could be
bypassed. If a user were tricked into opening a malicious website, an
different website. (CVE-2008-3835)
allow an attacker to execute scripts from page content with chrome
Paul Nickerson discovered Firefox did not properly process mouse click
events. If a user were tricked into opening a malicious web page, an
attacker could move the content window, which could potentially be
used to force a user to perform unintended drag and drop operations.
Several problems were discovered in the browser engine. This could
allow an attacker to execute code with chrome privileges.
(CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)
Drew Yao, David Maciejak and other Mozilla developers found several
problems in the browser engine of Firefox. If a user were tricked into
opening a malicious web page, an attacker could cause a denial of
service or possibly execute arbitrary code with the privileges of the
user invoking the program. (CVE-2008-4061, CVE-2008-4062,
processing certain BOM characters. An attacker could exploit this to
bypass script filters and perform cross-site scripting attacks.
Gareth Heyes discovered a flaw in the HTML parser of Firefox. If a
user were tricked into opening a malicious web page, an attacker could
bypass script filtering and perform cross-site scripting attacks.
Boris Zbarsky and Georgi Guninski independently discovered flaws in
the resource: protocol. An attacker could exploit this to perform
directory traversal, read information about the system, and prompt the
user to save information in a file. (CVE-2008-4067, CVE-2008-4068)
Billy Hoffman discovered a problem in the XBM decoder. If a user were
tricked into opening a malicious web page or XBM file, an attacker may
be able to cause a denial of service via application crash.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 36243 ()
Bugtraq ID: 31346
CVE ID: CVE-2008-0016
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now