Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
4 vulnerabilities found for unity-firefox-extension by canonical
CVE-2013-1055 (GCVE-0-2013-1055)
Vulnerability from nvd – Published: 2021-04-07 19:20 – Updated: 2024-09-16 21:08
VLAI?
Title
Potential DoS through abuse of rate limit in libunity-webapps for Firefox
Summary
The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.
Severity ?
4.3 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Canonical | unity-firefox-extension |
Affected:
3.0.0 , < 3.0.0+14.04.20140416-0ubuntu1.14.04.1
(custom)
|
|||||||
|
|||||||||
Date Public ?
2013-05-02 00:00
Credits
Chris Coulson
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://ubuntu.com/USN-2743-3"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1175691"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unity-firefox-extension",
"vendor": "Canonical",
"versions": [
{
"lessThan": "3.0.0+14.04.20140416-0ubuntu1.14.04.1",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"product": "libunity-webapps",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.5.0~+14.04.20140409-0ubuntu1",
"status": "affected",
"version": "2.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chris Coulson"
}
],
"datePublic": "2013-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-07T19:20:18.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://ubuntu.com/USN-2743-3"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://launchpad.net/bugs/1175691"
}
],
"source": {
"advisory": "https://ubuntu.com/USN-2743-3",
"defect": [
"https://launchpad.net/bugs/1175691"
],
"discovery": "INTERNAL"
},
"title": "Potential DoS through abuse of rate limit in libunity-webapps for Firefox",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2013-05-02T17:20:00.000Z",
"ID": "CVE-2013-1055",
"STATE": "PUBLIC",
"TITLE": "Potential DoS through abuse of rate limit in libunity-webapps for Firefox"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "unity-firefox-extension",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "3.0.0",
"version_value": "3.0.0+14.04.20140416-0ubuntu1.14.04.1"
}
]
}
},
{
"product_name": "libunity-webapps",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.5.0",
"version_value": "2.5.0~+14.04.20140409-0ubuntu1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ubuntu.com/USN-2743-3",
"refsource": "UBUNTU",
"url": "https://ubuntu.com/USN-2743-3"
},
{
"name": "https://launchpad.net/bugs/1175691",
"refsource": "UBUNTU",
"url": "https://launchpad.net/bugs/1175691"
}
]
},
"solution": [],
"source": {
"advisory": "https://ubuntu.com/USN-2743-3",
"defect": [
"https://launchpad.net/bugs/1175691"
],
"discovery": "INTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2013-1055",
"datePublished": "2021-04-07T19:20:18.808Z",
"dateReserved": "2013-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:08:08.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1054 (GCVE-0-2013-1054)
Vulnerability from nvd – Published: 2021-04-07 19:20 – Updated: 2024-09-16 23:32
VLAI?
Title
Possible remote DOS in WebApps
Summary
The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.
Severity ?
4.3 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical | unity-firefox-extension |
Affected:
3.0.0 , < 3.0.0+14.04.20140416-0ubuntu1.14.04.1
(custom)
|
Date Public ?
2013-05-02 00:00
Credits
Chris Coulson
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1175661"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://ubuntu.com/USN-2743-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unity-firefox-extension",
"vendor": "Canonical",
"versions": [
{
"lessThan": "3.0.0+14.04.20140416-0ubuntu1.14.04.1",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chris Coulson"
}
],
"datePublic": "2013-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-07T19:20:18.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://launchpad.net/bugs/1175661"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://ubuntu.com/USN-2743-3"
}
],
"source": {
"advisory": "https://ubuntu.com/USN-2743-3",
"defect": [
"https://launchpad.net/bugs/1175661"
],
"discovery": "INTERNAL"
},
"title": "Possible remote DOS in WebApps",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2013-05-02T15:56:00.000Z",
"ID": "CVE-2013-1054",
"STATE": "PUBLIC",
"TITLE": "Possible remote DOS in WebApps"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "unity-firefox-extension",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "3.0.0",
"version_value": "3.0.0+14.04.20140416-0ubuntu1.14.04.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1175661",
"refsource": "UBUNTU",
"url": "https://launchpad.net/bugs/1175661"
},
{
"name": "https://ubuntu.com/USN-2743-3",
"refsource": "UBUNTU",
"url": "https://ubuntu.com/USN-2743-3"
}
]
},
"solution": [],
"source": {
"advisory": "https://ubuntu.com/USN-2743-3",
"defect": [
"https://launchpad.net/bugs/1175661"
],
"discovery": "INTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2013-1054",
"datePublished": "2021-04-07T19:20:18.126Z",
"dateReserved": "2013-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:32:01.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1055 (GCVE-0-2013-1055)
Vulnerability from cvelistv5 – Published: 2021-04-07 19:20 – Updated: 2024-09-16 21:08
VLAI?
Title
Potential DoS through abuse of rate limit in libunity-webapps for Firefox
Summary
The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.
Severity ?
4.3 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Canonical | unity-firefox-extension |
Affected:
3.0.0 , < 3.0.0+14.04.20140416-0ubuntu1.14.04.1
(custom)
|
|||||||
|
|||||||||
Date Public ?
2013-05-02 00:00
Credits
Chris Coulson
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://ubuntu.com/USN-2743-3"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1175691"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unity-firefox-extension",
"vendor": "Canonical",
"versions": [
{
"lessThan": "3.0.0+14.04.20140416-0ubuntu1.14.04.1",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"product": "libunity-webapps",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.5.0~+14.04.20140409-0ubuntu1",
"status": "affected",
"version": "2.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chris Coulson"
}
],
"datePublic": "2013-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-07T19:20:18.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://ubuntu.com/USN-2743-3"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://launchpad.net/bugs/1175691"
}
],
"source": {
"advisory": "https://ubuntu.com/USN-2743-3",
"defect": [
"https://launchpad.net/bugs/1175691"
],
"discovery": "INTERNAL"
},
"title": "Potential DoS through abuse of rate limit in libunity-webapps for Firefox",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2013-05-02T17:20:00.000Z",
"ID": "CVE-2013-1055",
"STATE": "PUBLIC",
"TITLE": "Potential DoS through abuse of rate limit in libunity-webapps for Firefox"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "unity-firefox-extension",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "3.0.0",
"version_value": "3.0.0+14.04.20140416-0ubuntu1.14.04.1"
}
]
}
},
{
"product_name": "libunity-webapps",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.5.0",
"version_value": "2.5.0~+14.04.20140409-0ubuntu1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ubuntu.com/USN-2743-3",
"refsource": "UBUNTU",
"url": "https://ubuntu.com/USN-2743-3"
},
{
"name": "https://launchpad.net/bugs/1175691",
"refsource": "UBUNTU",
"url": "https://launchpad.net/bugs/1175691"
}
]
},
"solution": [],
"source": {
"advisory": "https://ubuntu.com/USN-2743-3",
"defect": [
"https://launchpad.net/bugs/1175691"
],
"discovery": "INTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2013-1055",
"datePublished": "2021-04-07T19:20:18.808Z",
"dateReserved": "2013-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:08:08.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1054 (GCVE-0-2013-1054)
Vulnerability from cvelistv5 – Published: 2021-04-07 19:20 – Updated: 2024-09-16 23:32
VLAI?
Title
Possible remote DOS in WebApps
Summary
The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.
Severity ?
4.3 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical | unity-firefox-extension |
Affected:
3.0.0 , < 3.0.0+14.04.20140416-0ubuntu1.14.04.1
(custom)
|
Date Public ?
2013-05-02 00:00
Credits
Chris Coulson
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1175661"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://ubuntu.com/USN-2743-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unity-firefox-extension",
"vendor": "Canonical",
"versions": [
{
"lessThan": "3.0.0+14.04.20140416-0ubuntu1.14.04.1",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chris Coulson"
}
],
"datePublic": "2013-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-07T19:20:18.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://launchpad.net/bugs/1175661"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://ubuntu.com/USN-2743-3"
}
],
"source": {
"advisory": "https://ubuntu.com/USN-2743-3",
"defect": [
"https://launchpad.net/bugs/1175661"
],
"discovery": "INTERNAL"
},
"title": "Possible remote DOS in WebApps",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2013-05-02T15:56:00.000Z",
"ID": "CVE-2013-1054",
"STATE": "PUBLIC",
"TITLE": "Possible remote DOS in WebApps"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "unity-firefox-extension",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "3.0.0",
"version_value": "3.0.0+14.04.20140416-0ubuntu1.14.04.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1175661",
"refsource": "UBUNTU",
"url": "https://launchpad.net/bugs/1175661"
},
{
"name": "https://ubuntu.com/USN-2743-3",
"refsource": "UBUNTU",
"url": "https://ubuntu.com/USN-2743-3"
}
]
},
"solution": [],
"source": {
"advisory": "https://ubuntu.com/USN-2743-3",
"defect": [
"https://launchpad.net/bugs/1175661"
],
"discovery": "INTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2013-1054",
"datePublished": "2021-04-07T19:20:18.126Z",
"dateReserved": "2013-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:32:01.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}