CVSS3: 4.3 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | LOW |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low (Percentile: 44.3%)

The unity-firefox-extension package could be tricked into dropping a C
callback which was still in use, which Firefox would then free, causing
Firefox to crash. This could be achieved by adding an action to the
launcher and updating it with new callbacks until the libunity-webapps rate
limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of
unity-firefox-extension and in all versions of libunity-webapps by shipping
an empty unity-firefox-extension package, thus disabling the extension
entirely and invalidating the attack against the libunity-webapps package.

Author | Note |
---|---|
mdeslaur | plugin was disabled by shipping empty packages |

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | unity-firefox-extension | < 3.0.0+14.04.20140416-0ubuntu1.14.04.1 | UNKNOWN |
ubuntu | 15.04 | noarch | unity-firefox-extension | < 3.0.0+14.04.20140416-0ubuntu1.15.04.1 | UNKNOWN |