Ubuntu.comUB:CVE-2013-1054CVE-2013-1054
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.8%
The unity-firefox-extension package could be tricked into destroying the
Unity webapps context, causing Firefox to crash. This could be achieved by
spinning the event loop inside the webapps initialization callback. Fixed
in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus
disabling the extension entirely.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | plugin was disabled by shipping empty packages |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 14.04 | noarch | unity-firefox-extension | < 3.0.0+14.04.20140416-0ubuntu1.14.04.1 | UNKNOWN |
| ubuntu | 15.04 | noarch | unity-firefox-extension | < 3.0.0+14.04.20140416-0ubuntu1.15.04.1 | UNKNOWN |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.8%