Unity Firefox Extension Security Exploit Fixed for Ubuntu 12.10

Just update the operating system and restart Firefox

By on November 23rd, 2012 12:18 GMT

On November 22, Canonical published details about Python Keyring vulnerabilities for its Ubuntu 12.10 (Quantal Quetzal), operating systems.

According to Canonical, the Unity Firefox Extension could have been made to crash or run programs as users login, if it opened a malicious website.

It was discovered that the Unity Firefox Extension incorrectly handled certain callbacks. A remote attacker could have used this exploit to cause the Unity Firefox Extension to crash, resulting in a denial of service, or to possibly execute arbitrary code.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest xul-ext-unity package.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary, but you will need to restart Mozilla Firefox.

Comments