The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.
References
Link | Resource |
---|---|
https://launchpad.net/bugs/1175691 | Exploit Vendor Advisory |
https://ubuntu.com/USN-2743-3 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: canonical
Published: 2013-05-02T00:00:00
Updated: 2021-04-07T19:20:18
Reserved: 2013-01-11T00:00:00
Link: CVE-2013-1055
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-07T20:15:13.090
Modified: 2021-04-20T19:21:11.393
Link: CVE-2013-1055
JSON object: View
Redhat Information
No data.
CWE