Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Potential DoS through abuse of rate limit in libunity-webapps for Firefox
Vulnerability Description
The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Vulnerability Type
不恰当的资源关闭或释放
Vulnerability Title
Firefox unity-firefox-extension 安全漏洞
Vulnerability Description
Firefox unity-firefox-extension是Firefox开源的一个应用插件。 Firefox unity-firefox-extension 存在安全漏洞,该漏洞源于发送一个空的unity-firefox-extension包,从而完全禁用扩展,并使针对libuny -webapps包的攻击失效。
CVSS Information
N/A
Vulnerability Type
N/A