Canonical Fixes Exploit in the Firefox Extension for Unity Integration

The update only applies to Ubuntu 12.10 (Quantal Quetzal)

  Firefox logo
On December 13, Canonical published in a security notice details about a unity-firefox-extension vulnerability for its Ubuntu 12.10 (Quantal Quetzal) operating system.

On December 13, Canonical published in a security notice details about a unity-firefox-extension vulnerability for its Ubuntu 12.10 (Quantal Quetzal) operating system.

According to Canonical, unity-firefox-extension (Firefox extension for Unity Integration) could have been made to expose sensitive information over the network.

It was discovered that unity-firefox-extension bypassed the same origin policy checks in certain circumstances.

If a user were tricked into opening a malicious page, an attacker could have exploited that to steal confidential data or perform other security-sensitive operations.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest xul-ext-unity package.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.

Comments