Vulnerability Description
The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Unity-Firefox-Extension | < 3.0.0+14.04.20140416-0ubuntu1.14.04.1 |
| Canonical | Ubuntu Linux | 14.04 |
References
- https://launchpad.net/bugs/1175661 (Exploit, Vendor Advisory)
- https://ubuntu.com/USN-2743-3 (Vendor Advisory)
FAQ
What is CVE-2013-1054?
CVE-2013-1054 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initializ...
How severe is CVE-2013-1054?
CVE-2013-1054 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1054?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Unity-Firefox-Extension, Canonical Ubuntu Linux.