CVE-2013-1054
MEDIUMunity-firefox-extension < 3.0.0+14.04.20140416-0ubuntu1.14.04.1 - Denial of Service via Event Loop Spin
Title source: llmDescription
The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.
References (2)
Core 2
Core References
Exploit, Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://launchpad.net/bugs/1175661
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://ubuntu.com/USN-2743-3
Scores
CVSS v3
4.3
EPSS
0.0134
EPSS Percentile
67.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Details
CWE
CWE-404
Status
published
Products (3)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
15.04
canonical/unity-firefox-extension
< 3.0.0\+14.04.20140416-0ubuntu1.14.04.1
Published
Apr 07, 2021
Tracked Since
Feb 18, 2026