Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0960

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-0960
Last Modified 25 Feb 2013 11:43:57
Published 24 Nov 2012 03:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0960

Summary

Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request.

Vulnerable Systems

Application

  • Ps Project Management Team Unity-firefox-extension 0.02

  • Ps Project Management Team Unity-firefox-extension 0.2.1

  • Ps Project Management Team Unity-firefox-extension 0.3

  • Ps Project Management Team Unity-firefox-extension 0.3.1

  • Ps Project Management Team Unity-firefox-extension 2.1

  • Ps Project Management Team Unity-firefox-extension 2.2

  • Ps Project Management Team Unity-firefox-extension 2.3

  • Ps Project Management Team Unity-firefox-extension 2.3.1

  • Ps Project Management Team Unity-firefox-extension 2.3.2

  • Ps Project Management Team Unity-firefox-extension 2.3.3

  • Ps Project Management Team Unity-firefox-extension 2.3.4

  • Ps Project Management Team Unity-firefox-extension 2.3.5

  • Ps Project Management Team Unity-firefox-extension 2.4.0


References

CONFIRM - https://bugs.launchpad.net/unity-firefox-extension/%2Bbug/1076350

UBUNTU - USN-1639-1

BID - 56650

XF - unityfirefoxextension-callback-dos(80319)


Last Updated: 27 May 2016 10:57:38