CVE-2013-1054
Published: 7 April 2021
The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.
Notes
Author | Note |
---|---|
mdeslaur | plugin was disabled by shipping empty packages |
Priority
Status
Package | Release | Status |
---|---|---|
unity-firefox-extension Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Released
(3.0.0+14.04.20140416-0ubuntu1.14.04.1)
|
|
upstream |
Needs triage
|
|
vivid |
Released
(3.0.0+14.04.20140416-0ubuntu1.15.04.1)
|
|
wily |
Does not exist
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |