9.3 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.435 Medium
EPSS
Percentile
97.3%
USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required
that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the
new xulrunner-1.9.
Original advisory details:
A flaw was discovered in the browser engine. A variable could be made to
overflow causing the browser to crash. If a user were tricked into opening
a malicious web page, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-2785)
Billy Rios discovered that Firefox and xulrunner, as used by browsers
such as Epiphany, did not properly perform URI splitting with pipe
symbols when passed a command-line URI. If Firefox or xulrunner were
passed a malicious URL, an attacker may be able to execute local
content with chrome privileges. (CVE-2008-2933)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | midbrowser | < 0.3.0rc1a-1~8.04.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | epiphany-gecko | < 2.22.2-0ubuntu0.8.04.5 | UNKNOWN |
Ubuntu | 8.04 | noarch | epiphany-browser-dbg | < 2.22.2-0ubuntu0.8.04.5 | UNKNOWN |
Ubuntu | 8.04 | noarch | devhelp | < 0.19-1ubuntu1.8.04.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | libdevhelp-1-0 | < 0.19-1ubuntu1.8.04.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | libdevhelp-1-dev | < 0.19-1ubuntu1.8.04.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | yelp | < 2.22.1-0ubuntu2.8.04.2 | UNKNOWN |