CVE-2012-0960

Published: 22 November 2012

Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request.

Priority

Status

Package	Release	Status
unity-firefox-extension Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Released (2.4.1-0ubuntu1.1)
	upstream	Needs triage

References

https://ubuntu.com/security/notices/USN-1639-1
https://www.cve.org/CVERecord?id=CVE-2012-0960
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/unity-firefox-extension/+bug/1076350

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›