36 hours ago
Let's assume an application in Ubuntu is compromised.
Since, by default, downloaded applications do not have root privileges, no major damage can occur. The worst a malicious hacker can possibly do is mess with non-system related files or folders, right?
However, can the non-privileged compromised application open other applications or programs within Ubuntu? For example, the Software Centre or the Terminal
Yes, any process running with the privileges of one user is allowed do anything that user is allowed to do herself.
As you correctly state, this is less of a problem, if that user doesn't have super-user privileges, which would allow him and any of her processes to modify the system configuration. Installing system-wide packages through a front-end like Software Center still requires super-user privileges.
For that reason, one should carefully choose which programs to run at elevated privileges.
29 hours ago
a lot of security holes allow "arbitrary code" and many applications, firefox for example, or vim, allow you to start external programs or a shell or other code. Once a malicious user gets a shell they can do damage without root access or they can try to escalate privileges.
This is where one would use something such as apparmor or selinux to prevent further damage.