CVE-2013-1054

Summary

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.

Affected Software

VendorProductVersion RangeStatus
Canonicalunity-firefox-extension3.0.0 < 3.0.0+14.04.20140416-0ubuntu1.14.04.1affected

Weaknesses

  • CWE-404: CWE-404 Improper Resource Shutdown or Release

ADP Enrichment

CVE Program Container

Additional References

References