admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

unity-firefox-extension, libunity-webapps vulnerabilities

Browse Source
This commit is contained in:
Avital Ostromich 2021-04-07 14:57:46 -04:00
parent 14d180c001
commit b7ad3f1fea
No known key found for this signature in database
GPG Key ID: 264AF3C1D26BC982
2 changed files with 205 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
2013/1xxx/CVE-2013-1054.json
View File

@ -1,9 +1,45 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2013-05-02T15:56:00.000Z",
"ID": "CVE-2013-1054",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Possible remote DOS in WebApps"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "unity-firefox-extension",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.0+14.04.20140416-0ubuntu1.14.04.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -11,8 +47,63 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely."
}
]
}
}
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1175661",
"refsource": "UBUNTU",
"url": "https://launchpad.net/bugs/1175661"
},
{
"name": "https://ubuntu.com/USN-2743-3",
"refsource": "UBUNTU",
"url": "https://ubuntu.com/USN-2743-3"
}
]
},
"solution": [],
"source": {
"advisory": "https://ubuntu.com/USN-2743-3",
"defect": [
"https://launchpad.net/bugs/1175661"
],
"discovery": "INTERNAL"
},
"work_around": []
}

114
2013/1xxx/CVE-2013-1055.json
View File

@ -1,9 +1,58 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2013-05-02T17:20:00.000Z",
"ID": "CVE-2013-1055",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Potential DoS through abuse of rate limit in libunity-webapps for Firefox"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "unity-firefox-extension",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.0+14.04.20140416-0ubuntu1.14.04.1"
}
]
}
},
{
"product_name": "libunity-webapps",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "<",
"version_name": "2.5.0",
"version_value": "2.5.0~+14.04.20140409-0ubuntu1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -11,8 +60,63 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package."
}
]
}
}
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1175691",
"refsource": "UBUNTU",
"url": "https://launchpad.net/bugs/1175691"
},
{
"name": "https://ubuntu.com/USN-2743-3",
"refsource": "UBUNTU",
"url": "https://ubuntu.com/USN-2743-3"
}
]
},
"solution": [],
"source": {
"advisory": "https://ubuntu.com/USN-2743-3",
"defect": [
"https://launchpad.net/bugs/1175691"
],
"discovery": "INTERNAL"
},
"work_around": []
}