USN-895-1 : firefox-3.0, xulrunner-1.9 vulnerabilities

NASLDB: USN-895-1 : firefox-3.0, xulrunner-1.9 vulnerabilities

General

ID: 44655
Name: USN-895-1 : firefox-3.0, xulrunner-1.9 vulnerabilities

Summary: Checks dpkg output for updated package(s)

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 0
Family: Ubuntu Local Security Checks
Type: Local

Description

Several flaws were discovered in the browser engine of Firefox. If a
user were tricked into viewing a malicious website, a remote attacker
could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0159)

Orlando Barrera II discovered a flaw in the Web Workers
implementation of Firefox. If a user were tricked into posting to a
malicious website, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2010-0160)

Alin Rad Pop discovered that Firefox’s HTML parser would incorrectly
free memory under certain circumstances. If the browser could be made
to access these freed memory objects, an attacker could exploit this
to execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-1571)

Hidetake Jo discovered that the showModalDialog in Firefox did not
always honor the same-origin policy. An attacker could exploit this
to run untrusted JavaScript from other domains. (CVE-2009-3988)

Georgi Guninski discovered that the same-origin check in Firefox
could be bypassed by utilizing a crafted SVG image. If a user were
tricked into viewing a malicious website, an attacker could exploit
this to read data from other domains. (CVE-2010-0162)