The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.
References
Link | Resource |
---|---|
https://launchpad.net/bugs/1175661 | Exploit Vendor Advisory |
https://ubuntu.com/USN-2743-3 | Vendor Advisory |
https://launchpad.net/bugs/1175661 | Exploit Vendor Advisory |
https://ubuntu.com/USN-2743-3 | Vendor Advisory |
Configurations
History
21 Nov 2024, 01:48
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 4.3 |
References | () https://launchpad.net/bugs/1175661 - Exploit, Vendor Advisory | |
References | () https://ubuntu.com/USN-2743-3 - Vendor Advisory |
Information
Published : 2021-04-07 20:15
Updated : 2024-11-21 01:48
NVD link : CVE-2013-1054
Mitre link : CVE-2013-1054
CVE.ORG link : CVE-2013-1054
JSON object : View
Products Affected
canonical
- ubuntu_linux
- unity-firefox-extension
CWE
CWE-404
Improper Resource Shutdown or Release