CVE-2013-1054 — Improper Resource Shutdown or Release in Unity-firefox-extension

CWE-404 — Improper Resource Shutdown or Release4 documents4 sources

Severity

6.5MEDIUMNVD

CNA4.3

EPSS

0.2%

top 62.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Unity-firefox-extension Canonical Ubuntu Linux

Timeline

PublishedApr 7

Latest updateMay 5

Description

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5canonical/unity-firefox-extension3.0.0 — 3.0.0+14.04.20140416-0ubuntu1.14.04.1

▶NVDcanonical/unity-firefox-extension< 3.0.0\+14.04.20140416-0ubuntu1.14.04.1

Also affects: Ubuntu Linux 14.04, 15.04

🔴Vulnerability Details

GHSA

GHSA-jh4r-88h5-574v: The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash↗2022-05-05

▶

CVEList

Possible remote DOS in WebApps↗2021-04-07

▶

OSV

CVE-2013-1054: The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash↗2021-04-07

▶