CVE-2013-1055

Published: Apr 7, 2021

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.

Vendor	Product	Versions
Canonical	unity-firefox-extension	affected `3.0.0 - < 3.0.0+14.04.20140416-0ubuntu1.14.04.1`
Canonical	libunity-webapps	affected `2.5.0 - < 2.5.0~+14.04.20140409-0ubuntu1`

Weaknesses (CWE)

CWE-404

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://ubuntu.com/USN-2743-3

vendor-advisory

x_refsource_UBUNTU

https://launchpad.net/bugs/1175691

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2013-1055

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References