Vulnerability Details : CVE-2013-1055
Potential exploit
The unity-firefox-extension package could be tricked into dropping a C callback that was still in use; Firefox would then free the callback, and the later use of the dangling reference crashed Firefox. This could be triggered by adding an action to the launcher and repeatedly updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in unity-firefox-extension 3.0.0+14.04.20140416-0ubuntu1.14.04.1, and for all versions of libunity-webapps by shipping an empty unity-firefox-extension package, which disables the extension entirely and removes the attack path against libunity-webapps.
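The bug class described above is a resource released while another component still holds a reference to it: the launcher side lets go of a callback on the rate-limit path, the browser side frees it, and the next use of the stale pointer crashes. The C program below is an added, constructed simulation of that ownership mistake and of the reference-counted release that avoids it; it is not code from unity-firefox-extension, libunity-webapps or Firefox, and the pool, the `RATE_LIMIT` constant and all names are hypothetical. Freed slots are only flagged rather than returned to the allocator, so the dangling reference can be inspected instead of dereferencing freed memory.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of "callback freed while still in use", not the real
 * libunity-webapps/Firefox code. RATE_LIMIT and the pool are assumptions. */
#define POOL_SIZE 16
#define RATE_LIMIT 4

typedef struct {
    int in_use;     /* slot has been handed out */
    int freed;      /* owner released it; memory is kept so a stale pointer can be inspected safely */
    int refcount;   /* used only by the hardened path */
    int id;
} callback_t;

static callback_t pool[POOL_SIZE];

static callback_t *cb_new(int id) {
    for (int i = 0; i < POOL_SIZE; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1; pool[i].freed = 0; pool[i].refcount = 0; pool[i].id = id;
            return &pool[i];
        }
    }
    return NULL;
}

static void cb_ref(callback_t *cb) { cb->refcount++; }

/* Buggy release: frees as soon as one holder is done, ignoring the other holder. */
static void cb_free_now(callback_t *cb) { cb->freed = 1; }

/* Hardened release: the callback goes away only when the last holder lets go. */
static void cb_unref(callback_t *cb) { if (--cb->refcount == 0) cb->freed = 1; }

typedef struct { callback_t *held; } browser_t;              /* the side that later invokes the callback */
typedef struct { callback_t *current; int updates; } launcher_t; /* the side that enforces the rate limit */

/* Browser invokes the callback it remembers. A real free would crash here;
 * the simulation returns -1 for a dangling reference and the callback id otherwise. */
static int browser_invoke(const browser_t *b) {
    if (!b->held || b->held->freed) return -1;
    return b->held->id;
}

/* Replays the attack pattern: add one action, then keep updating its callback
 * past the rate limit. Returns what the browser sees when it finally invokes. */
static int simulate(int hardened) {
    memset(pool, 0, sizeof pool);
    browser_t browser = {0};
    launcher_t launcher = {0};

    callback_t *cb = cb_new(1);               /* initial action, shared by both sides */
    launcher.current = cb; cb_ref(cb);
    browser.held = cb;     cb_ref(cb);

    for (int id = 2; id <= RATE_LIMIT + 3; id++) {
        callback_t *fresh = cb_new(id);
        if (!fresh) break;
        cb_ref(fresh);                        /* launcher's reference while it decides */
        if (launcher.updates < RATE_LIMIT) {
            /* Accepted update: both sides move to the new callback and drop the old one. */
            launcher.updates++;
            if (hardened) { cb_unref(browser.held); cb_unref(launcher.current); }
            else          { cb_free_now(launcher.current); }
            browser.held = fresh; cb_ref(fresh);
            launcher.current = fresh;
        } else if (hardened) {
            cb_unref(fresh);                  /* rate limited: only the rejected callback is released */
        } else {
            /* Bug class: the rate-limit path also drops the callback the browser still holds. */
            cb_free_now(fresh);
            if (launcher.current) cb_free_now(launcher.current);
            launcher.current = NULL;
        }
    }
    return browser_invoke(&browser);
}

int main(void) {
    printf("buggy path:    browser_invoke -> %d (negative = dangling callback)\n", simulate(0));
    printf("hardened path: browser_invoke -> %d\n", simulate(1));
    return 0;
}
```

The buggy path ends with the browser holding a callback that the launcher already released, which is the state the advisory describes; the hardened path keeps the callback alive until the last holder drops it, so the rate limiter can refuse updates without affecting what the browser still uses.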
Products affected by CVE-2013-1055
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:unity-firefox-extension:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1055
- EPSS score: 0.21% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~44% (proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2013-1055
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 2.8 | 1.4 | NIST |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 2.8 | 1.4 | Canonical Ltd. |

The first row is a CVSS v2 vector (network, medium complexity, no authentication, partial availability impact); the two v3.1 rows score the same denial of service as low availability impact with user interaction required.
CWE ids for CVE-2013-1055
- The product does not release or incorrectly releases a resource before it is made available for re-use.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security@ubuntu.com (Secondary)
References for CVE-2013-1055
- https://launchpad.net/bugs/1175691
  Bug #1175691 “Rate limit in libunity-webapps can be abused to ma...” : Bugs : unity-firefox-extension package : Ubuntu (Exploit; Vendor Advisory)
- https://ubuntu.com/USN-2743-3 (Vendor Advisory)