CVE-2013-1055

Name of the Vulnerable Software and Affected Versions unity-firefox-extension versions prior to 3.0.0+14.04.20140416-0ubuntu1.14.04.1

Description The issue is related to resource release errors in the unity-firefox-extension package. It can be exploited by a remote attacker to cause a denial of service. The exploitation involves tricking the package into dropping a C callback that is still in use, leading to a crash when Firefox attempts to free it. This can be achieved by adding an action to the launcher and updating it with new callbacks until a rate limit is hit.

Recommendations For versions prior to 3.0.0+14.04.20140416-0ubuntu1.14.04.1, update to version 3.0.0+14.04.20140416-0ubuntu1.14.04.1 or later of unity-firefox-extension to resolve the issue. Alternatively, consider disabling the unity-firefox-extension package entirely, as done in the fixed versions of libunity-webapps, to prevent the attack.