CVE-2013-1055

Published on: 04/07/2021 12:00:00 AM UTC

Last Modified on: 04/07/2021 08:30:00 PM UTC

CVE-2013-1055 - advisory for https://ubuntu.com/USN-2743-3

Source: Mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

The following vulnerability was found:

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.

  • CVE-2013-1055 has been assigned by [email protected] to track the vulnerability
  • Affected Vendor/Software: Canonical - unity-firefox-extension version < 3.0.0+14.04.20140416-0ubuntu1.14.04.1
  • Affected Vendor/Software: Canonical - libunity-webapps version < 2.5.0~+14.04.20140409-0ubuntu1

CVE References

Description Tags Link
No Description Provided ubuntu.com

Inactive LinkNot Archived
URL Logo UBUNTU ubuntu.com/USN-2743-3
Bug #1175691 “Rate limit in libunity-webapps can be abused to ma...” : Bugs : unity-firefox-extension package : Ubuntu launchpad.net
text/html
URL Logo UBUNTU launchpad.net/bugs/1175691

Known Affected Software

Vendor Product Version
Canonical Unity-firefox-extension< 3.0.0+14.04.20140416-0ubuntu1.14.04.1
Canonical Libunity-webapps< 2.5.0~+14.04.20140409-0ubuntu1

Discovery Credit

Chris Coulson