CVE-2013-1055
MEDIUMunity-firefox-extension < 3.0.0+14.04.20140416-0ubuntu1.14.04.1 - Use-After-Free via Launcher Action Callback
Title source: llmDescription
The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://ubuntu.com/USN-2743-3
Exploit, Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://launchpad.net/bugs/1175691
Scores
CVSS v3
4.3
EPSS
0.0127
EPSS Percentile
66.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Details
CWE
CWE-404
Status
published
Products (3)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
15.04
canonical/unity-firefox-extension
< 3.0.0\+14.04.20140416-0ubuntu1.14.04.1
Published
Apr 07, 2021
Tracked Since
Feb 18, 2026