CVE-2013-1055
CVE-2013-1055 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. EPSS estimates a 1.27% chance of exploitation in the next 30 days.
Description
The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Unity-Firefox-Extension | < 3.0.0+14.04.20140416-0ubuntu1.14.04.1 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 15.04 |
References
- https://launchpad.net/bugs/1175691 (Exploit, Vendor Advisory)
- https://ubuntu.com/USN-2743-3 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
