Vulnerability Description
The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Unity-Firefox-Extension | < 3.0.0\+14.04.20140416-0ubuntu1.14.04.1 |
| Canonical | Ubuntu Linux | 14.04 |
Related Weaknesses (CWE)
References
- https://launchpad.net/bugs/1175691ExploitVendor Advisory
- https://ubuntu.com/USN-2743-3Vendor Advisory
- https://launchpad.net/bugs/1175691ExploitVendor Advisory
- https://ubuntu.com/USN-2743-3Vendor Advisory
FAQ
What is CVE-2013-1055?
CVE-2013-1055 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an act...
How severe is CVE-2013-1055?
CVE-2013-1055 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1055?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Unity-Firefox-Extension, Canonical Ubuntu Linux.