[USN-626-1] Firefox and xulrunner vulnerabilities
Severity
High
CVEs
3
firefox-3.0, xulrunner-1.9 vulnerabilities
A flaw was discovered in the browser engine. A variable could be made to
overflow causing the browser to crash. If a user were tricked into opening
a malicious web page, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-2785)
Billy Rios discovered that Firefox and xulrunner, as used by browsers
such as Epiphany, did not properly perform URI splitting with pipe
symbols when passed a command-line URI. If Firefox or xulrunner were
passed a malicious URL, an attacker may be able to execute local
content with chrome privileges. (CVE-2008-2933)
- ID
- USN-626-1
- Severity
- high
- Severity from
- CVE-2008-2785
- URL
- https://ubuntu.com/security/notices/USN-626-1
- Published
-
2008-07-28T23:13:33
(16 years ago) - Modified
-
2008-07-28T23:13:33
(16 years ago) - Other Advisories
ELSA-2008-0597
FEDORA-2008-6491
GLSA-200808-03
VU:130923| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |