The holes were found in the Qt software which could allow the hacker to view users information.Canonical found that Qt allowed redirecting
requests from http to file schemes. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive
information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10
Canonical also discovered the vulnerability in jQuery incorrectly handling of selecting elements using location.hash, resulting in a possible cross-site scripting (XSS) . With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
Ubuntu has released the latest updates to fix the issues.