Referenced CVEs:
CVE-2009-1044, CVE-2009-1169
Description:
===========================================================Ubuntu Security Notice USN-745-1 March 28, 2009firefox, firefox-3.0, xulrunner-1.9 vulnerabilitiesCVE-2009-1044, CVE-2009-1169===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.15~prepatch080614l-0ubuntu1Ubuntu 7.10: firefox 2.0.0.21~tb.21.308+nobinonly-0ubuntu0.7.10.1Ubuntu 8.04 LTS: firefox-3.0 3.0.8+nobinonly-0ubuntu0.8.04.2 xulrunner-1.9 1.9.0.8+nobinonly-0ubuntu0.8.04.1Ubuntu 8.10: abrowser 3.0.8+nobinonly-0ubuntu0.8.10.2 firefox-3.0 3.0.8+nobinonly-0ubuntu0.8.10.2 xulrunner-1.9 1.9.0.8+nobinonly-0ubuntu0.8.10.1After a standard system upgrade you need to restart Firefox and anyapplications that use xulrunner, such as Epiphany, to effect the necessarychanges.Details follow:It was discovered that Firefox did not properly perform XUL garbagecollection. If a user were tricked into viewing a malicious website, aremote attacker could cause a denial of service or execute arbitrary codewith the privileges of the user invoking the program. This issue onlyaffected Ubuntu 8.04 LTS and 8.10. (CVE-2009-1044)A flaw was discovered in the way Firefox performed XSLT transformations.If a user were tricked into opening a crafted XSL stylesheet, an attackercould cause a denial of service or execute arbitrary code with theprivileges of the user invoking the program. (CVE-2009-1169)
More...
