CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
97.4%
USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required
that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the
new xulrunner-1.9.
Original advisory details:
A flaw was discovered in the browser engine. A variable could be made to
overflow causing the browser to crash. If a user were tricked into opening
a malicious web page, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-2785)
Billy Rios discovered that Firefox and xulrunner, as used by browsers
such as Epiphany, did not properly perform URI splitting with pipe
symbols when passed a command-line URI. If Firefox or xulrunner were
passed a malicious URL, an attacker may be able to execute local
content with chrome privileges. (CVE-2008-2933)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | midbrowser | <ย 0.3.0rc1a-1~8.04.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | epiphany-gecko | <ย 2.22.2-0ubuntu0.8.04.5 | UNKNOWN |
Ubuntu | 8.04 | noarch | epiphany-browser-dbg | <ย 2.22.2-0ubuntu0.8.04.5 | UNKNOWN |
Ubuntu | 8.04 | noarch | devhelp | <ย 0.19-1ubuntu1.8.04.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | libdevhelp-1-0 | <ย 0.19-1ubuntu1.8.04.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | libdevhelp-1-dev | <ย 0.19-1ubuntu1.8.04.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | yelp | <ย 2.22.1-0ubuntu2.8.04.2 | UNKNOWN |