CVE-2013-1054

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.

Published: Apr 7, 2021
Updated: Apr 13, 2023
CVE: CVE-2013-1054
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-404

Affected Software
References

Software	From	Fixed in
canonical / unity-firefox-extension	-	3.0.0\+14.04.20140416-0ubuntu1.14.04.1
canonical / ubuntu_linux	15.04	15.04.x
canonical / ubuntu_linux	14.04	14.04.x

https://launchpad.net/bugs/1175661
https://ubuntu.com/USN-2743-3

Vulnerability Database

289,689

CVE-2013-1054