Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for unity-firefox-extension by Canonical

    CVE-2013-1055 (GCVE-0-2013-1055)

    Vulnerability from nvd – Published: 2021-04-07 19:20 – Updated: 2024-09-16 21:08
    VLAI
    Title
    Potential DoS through abuse of rate limit in libunity-webapps for Firefox
    Summary
    The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.
    CWE
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    References
    URL Tags
    https://ubuntu.com/USN-2743-3 vendor-advisoryx_refsource_UBUNTU
    https://launchpad.net/bugs/1175691 vendor-advisoryx_refsource_UBUNTU
    Impacted products
    Vendor Product Version
    Canonical unity-firefox-extension Affected: 3.0.0 , < 3.0.0+14.04.20140416-0ubuntu1.14.04.1 (custom)
    Create a notification for this product.
    Canonical libunity-webapps Affected: 2.5.0 , < 2.5.0~+14.04.20140409-0ubuntu1 (custom)
    Create a notification for this product.
    Date Public
    2013-05-02 00:00
    Credits
    Chris Coulson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:49:20.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/USN-2743-3"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/bugs/1175691"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "unity-firefox-extension",
              "vendor": "Canonical",
              "versions": [
                {
                  "lessThan": "3.0.0+14.04.20140416-0ubuntu1.14.04.1",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "libunity-webapps",
              "vendor": "Canonical",
              "versions": [
                {
                  "lessThan": "2.5.0~+14.04.20140409-0ubuntu1",
                  "status": "affected",
                  "version": "2.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Coulson"
            }
          ],
          "datePublic": "2013-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Improper Resource Shutdown or Release",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-07T19:20:18.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://ubuntu.com/USN-2743-3"
            },
            {
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://launchpad.net/bugs/1175691"
            }
          ],
          "source": {
            "advisory": "https://ubuntu.com/USN-2743-3",
            "defect": [
              "https://launchpad.net/bugs/1175691"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Potential DoS through abuse of rate limit in libunity-webapps for Firefox",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2013-05-02T17:20:00.000Z",
              "ID": "CVE-2013-1055",
              "STATE": "PUBLIC",
              "TITLE": "Potential DoS through abuse of rate limit in libunity-webapps for Firefox"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "unity-firefox-extension",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "3.0.0",
                                "version_value": "3.0.0+14.04.20140416-0ubuntu1.14.04.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "libunity-webapps",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "2.5.0",
                                "version_value": "2.5.0~+14.04.20140409-0ubuntu1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Canonical"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Coulson"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-404 Improper Resource Shutdown or Release"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ubuntu.com/USN-2743-3",
                  "refsource": "UBUNTU",
                  "url": "https://ubuntu.com/USN-2743-3"
                },
                {
                  "name": "https://launchpad.net/bugs/1175691",
                  "refsource": "UBUNTU",
                  "url": "https://launchpad.net/bugs/1175691"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "https://ubuntu.com/USN-2743-3",
              "defect": [
                "https://launchpad.net/bugs/1175691"
              ],
              "discovery": "INTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2013-1055",
        "datePublished": "2021-04-07T19:20:18.808Z",
        "dateReserved": "2013-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:08:08.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1054 (GCVE-0-2013-1054)

    Vulnerability from nvd – Published: 2021-04-07 19:20 – Updated: 2024-09-16 23:32
    VLAI
    Title
    Possible remote DOS in WebApps
    Summary
    The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.
    CWE
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    References
    URL Tags
    https://launchpad.net/bugs/1175661 vendor-advisoryx_refsource_UBUNTU
    https://ubuntu.com/USN-2743-3 vendor-advisoryx_refsource_UBUNTU
    Impacted products
    Vendor Product Version
    Canonical unity-firefox-extension Affected: 3.0.0 , < 3.0.0+14.04.20140416-0ubuntu1.14.04.1 (custom)
    Create a notification for this product.
    Date Public
    2013-05-02 00:00
    Credits
    Chris Coulson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:49:20.622Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/bugs/1175661"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/USN-2743-3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "unity-firefox-extension",
              "vendor": "Canonical",
              "versions": [
                {
                  "lessThan": "3.0.0+14.04.20140416-0ubuntu1.14.04.1",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Coulson"
            }
          ],
          "datePublic": "2013-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Improper Resource Shutdown or Release",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-07T19:20:18.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://launchpad.net/bugs/1175661"
            },
            {
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://ubuntu.com/USN-2743-3"
            }
          ],
          "source": {
            "advisory": "https://ubuntu.com/USN-2743-3",
            "defect": [
              "https://launchpad.net/bugs/1175661"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Possible remote DOS in WebApps",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2013-05-02T15:56:00.000Z",
              "ID": "CVE-2013-1054",
              "STATE": "PUBLIC",
              "TITLE": "Possible remote DOS in WebApps"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "unity-firefox-extension",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "3.0.0",
                                "version_value": "3.0.0+14.04.20140416-0ubuntu1.14.04.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Canonical"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Coulson"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-404 Improper Resource Shutdown or Release"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.net/bugs/1175661",
                  "refsource": "UBUNTU",
                  "url": "https://launchpad.net/bugs/1175661"
                },
                {
                  "name": "https://ubuntu.com/USN-2743-3",
                  "refsource": "UBUNTU",
                  "url": "https://ubuntu.com/USN-2743-3"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "https://ubuntu.com/USN-2743-3",
              "defect": [
                "https://launchpad.net/bugs/1175661"
              ],
              "discovery": "INTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2013-1054",
        "datePublished": "2021-04-07T19:20:18.126Z",
        "dateReserved": "2013-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:32:01.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1055 (GCVE-0-2013-1055)

    Vulnerability from cvelistv5 – Published: 2021-04-07 19:20 – Updated: 2024-09-16 21:08
    VLAI
    Title
    Potential DoS through abuse of rate limit in libunity-webapps for Firefox
    Summary
    The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.
    CWE
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    References
    URL Tags
    https://ubuntu.com/USN-2743-3 vendor-advisoryx_refsource_UBUNTU
    https://launchpad.net/bugs/1175691 vendor-advisoryx_refsource_UBUNTU
    Impacted products
    Vendor Product Version
    Canonical unity-firefox-extension Affected: 3.0.0 , < 3.0.0+14.04.20140416-0ubuntu1.14.04.1 (custom)
    Create a notification for this product.
    Canonical libunity-webapps Affected: 2.5.0 , < 2.5.0~+14.04.20140409-0ubuntu1 (custom)
    Create a notification for this product.
    Date Public
    2013-05-02 00:00
    Credits
    Chris Coulson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:49:20.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/USN-2743-3"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/bugs/1175691"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "unity-firefox-extension",
              "vendor": "Canonical",
              "versions": [
                {
                  "lessThan": "3.0.0+14.04.20140416-0ubuntu1.14.04.1",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "libunity-webapps",
              "vendor": "Canonical",
              "versions": [
                {
                  "lessThan": "2.5.0~+14.04.20140409-0ubuntu1",
                  "status": "affected",
                  "version": "2.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Coulson"
            }
          ],
          "datePublic": "2013-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Improper Resource Shutdown or Release",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-07T19:20:18.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://ubuntu.com/USN-2743-3"
            },
            {
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://launchpad.net/bugs/1175691"
            }
          ],
          "source": {
            "advisory": "https://ubuntu.com/USN-2743-3",
            "defect": [
              "https://launchpad.net/bugs/1175691"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Potential DoS through abuse of rate limit in libunity-webapps for Firefox",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2013-05-02T17:20:00.000Z",
              "ID": "CVE-2013-1055",
              "STATE": "PUBLIC",
              "TITLE": "Potential DoS through abuse of rate limit in libunity-webapps for Firefox"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "unity-firefox-extension",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "3.0.0",
                                "version_value": "3.0.0+14.04.20140416-0ubuntu1.14.04.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "libunity-webapps",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "2.5.0",
                                "version_value": "2.5.0~+14.04.20140409-0ubuntu1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Canonical"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Coulson"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-404 Improper Resource Shutdown or Release"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ubuntu.com/USN-2743-3",
                  "refsource": "UBUNTU",
                  "url": "https://ubuntu.com/USN-2743-3"
                },
                {
                  "name": "https://launchpad.net/bugs/1175691",
                  "refsource": "UBUNTU",
                  "url": "https://launchpad.net/bugs/1175691"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "https://ubuntu.com/USN-2743-3",
              "defect": [
                "https://launchpad.net/bugs/1175691"
              ],
              "discovery": "INTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2013-1055",
        "datePublished": "2021-04-07T19:20:18.808Z",
        "dateReserved": "2013-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:08:08.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1054 (GCVE-0-2013-1054)

    Vulnerability from cvelistv5 – Published: 2021-04-07 19:20 – Updated: 2024-09-16 23:32
    VLAI
    Title
    Possible remote DOS in WebApps
    Summary
    The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.
    CWE
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    References
    URL Tags
    https://launchpad.net/bugs/1175661 vendor-advisoryx_refsource_UBUNTU
    https://ubuntu.com/USN-2743-3 vendor-advisoryx_refsource_UBUNTU
    Impacted products
    Vendor Product Version
    Canonical unity-firefox-extension Affected: 3.0.0 , < 3.0.0+14.04.20140416-0ubuntu1.14.04.1 (custom)
    Create a notification for this product.
    Date Public
    2013-05-02 00:00
    Credits
    Chris Coulson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:49:20.622Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/bugs/1175661"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/USN-2743-3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "unity-firefox-extension",
              "vendor": "Canonical",
              "versions": [
                {
                  "lessThan": "3.0.0+14.04.20140416-0ubuntu1.14.04.1",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Coulson"
            }
          ],
          "datePublic": "2013-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Improper Resource Shutdown or Release",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-07T19:20:18.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://launchpad.net/bugs/1175661"
            },
            {
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://ubuntu.com/USN-2743-3"
            }
          ],
          "source": {
            "advisory": "https://ubuntu.com/USN-2743-3",
            "defect": [
              "https://launchpad.net/bugs/1175661"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Possible remote DOS in WebApps",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2013-05-02T15:56:00.000Z",
              "ID": "CVE-2013-1054",
              "STATE": "PUBLIC",
              "TITLE": "Possible remote DOS in WebApps"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "unity-firefox-extension",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "3.0.0",
                                "version_value": "3.0.0+14.04.20140416-0ubuntu1.14.04.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Canonical"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Coulson"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-404 Improper Resource Shutdown or Release"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.net/bugs/1175661",
                  "refsource": "UBUNTU",
                  "url": "https://launchpad.net/bugs/1175661"
                },
                {
                  "name": "https://ubuntu.com/USN-2743-3",
                  "refsource": "UBUNTU",
                  "url": "https://ubuntu.com/USN-2743-3"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "https://ubuntu.com/USN-2743-3",
              "defect": [
                "https://launchpad.net/bugs/1175661"
              ],
              "discovery": "INTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2013-1054",
        "datePublished": "2021-04-07T19:20:18.126Z",
        "dateReserved": "2013-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:32:01.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }