CVE-2013-1055Improper Resource Shutdown or Release in Libunity-webapps

CWE-404Improper Resource Shutdown or Release4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 59.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Canonical Libunity-webappsCanonical Unity-firefox-extensionCanonical Ubuntu Linux
Timeline
PublishedApr 7
Latest updateMay 5

Description

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension e

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5canonical/unity-firefox-extension3.0.03.0.0+14.04.20140416-0ubuntu1.14.04.1
NVDcanonical/unity-firefox-extension< 3.0.0\+14.04.20140416-0ubuntu1.14.04.1
CVEListV5canonical/libunity-webapps2.5.02.5.0~+14.04.20140409-0ubuntu1

Also affects: Ubuntu Linux 14.04, 15.04

🔴Vulnerability Details

3
GHSA
GHSA-42p7-ggcc-r5fp: The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox2022-05-05
OSV
CVE-2013-1055: The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox2021-04-07
CVEList
Potential DoS through abuse of rate limit in libunity-webapps for Firefox2021-04-07
CVE-2013-1055 — Improper Resource Shutdown or Release | cvebase