vulnerability

Ubuntu: (CVE-2013-1054): unity-firefox-extension vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:N/A:P)	Apr 7, 2021	Nov 19, 2024	Mar 27, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

Apr 7, 2021

Added

Nov 19, 2024

Modified

Mar 27, 2026

Description

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.

Solution

ubuntu-upgrade-unity-firefox-extension

References

CVE-2013-1054
https://attackerkb.com/topics/CVE-2013-1054
CWE-404
EUVD-EUVD-2013-1094
https://euvd.enisa.europa.eu/vulnerability/EUVD-2013-1094
https://ubuntu.com/security/notices/USN-2743-3
https://www.cve.org/CVERecord?id=CVE-2013-1054

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report