CVE-2013-1054 Vulnerability Details

  /     /     /  

CVE-2013-1054 Metadata Quick Info

CVE Published: 07/04/2021 | CVE Updated: 16/09/2024 | CVE Year: 2013
Source: canonical | Vendor: Canonical | Product: unity-firefox-extension
Status : PUBLISHED

---

CVE-2013-1054 Description

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.

Metrics

CVSS Version: 3.1 | Base Score: 4.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-404
CWE Name: CWE-404 Improper Resource Shutdown or Release
Source: Canonical

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).