Referenced CVEs:
CVE-2008-2785, CVE-2008-2933
Description:
=========================================================== Ubuntu Security Notice USN-623-1 July 17, 2008 firefox vulnerabilities CVE-2008-2785, CVE-2008-2933 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.15~prepatch080614d-0ubuntu1 Ubuntu 7.04: firefox 2.0.0.16+0nobinonly-0ubuntu0.7.4 Ubuntu 7.10: firefox 2.0.0.16+1nobinonly-0ubuntu0.7.10 After a standard system upgrade you need to restart Firefox to effect the necessary changes. Details follow: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785) Billy Rios discovered that Firefox did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. (CVE-2008-2933)
More...
