1

Canonical Fixes Exploit in the Firefox Extension for Unity Integration

view story
linux-howto

http://news.softpedia.com – On December 13, Canonical published in a security notice details about a unity-firefox-extension vulnerability for its Ubuntu 12.10 (Quantal Quetzal) operating system. According to Canonical, unity-firefox-extension (Firefox extension for Unity Integration) could have been made to expose sensitive information over the network. It was discovered that unity-firefox-extension bypassed the same origin policy checks in certain circumstances. If a user were tr... (read more) (General)

netcastaustralia's picture
Submitted by netcastaustralia on 12/14/2012

Stories similar to Canonical Fixes Exploit in the Firefox Extension for Unity Integration

On November 22, Canonical published details about Python Keyring vulnerabilities for its Ubuntu 12.10 (Quantal Quetzal), operating systems.

According to Canonical, the Unity Firefox Extension could have been made to crash or run programs as users login, if it opened a malicious website.

It was discovered that the Unity Firefox Extension incorrectly handled certain callbacks.

Unityfox is a firefox extension to add a download progress bar and active downloads count to the Firefox icon on the launcher in Unity. See the effect:

To install this plugin, use your firefox browser to open: addons.mozilla.org/en-US/firefox/addon/unityfox/. Click ‘Add to Firefox’ and it takes effect without restart firefox. Related posts: DownThemAll-A Download Manager extension for

On December 12, Canonical published in a security notice details about an APT vulnerability for its Ubuntu 12.10 (Quantal Quetzal), Ubuntu 12.04 (Precise Pangolin), and Ubuntu 11.10 (Oneiric Ocelot) operating systems.

According to Canonical, APT could have made to expose sensitive information.

It was discovered that APT set inappropriate permissions on the term.log file.

Canonical published in a security notice details about Firefox vulnerabilities for its Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, and Ubuntu 10.04 LTS operating systems.

According to Canonical, several security issues were fixed in Mozilla Firefox.

Lightweight Portable Security (LPS), a thin Linux operating system that creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac), is now at version 1.3.6.

On November 8, Canonical published in a security notice details about a Qt vulnerability for its Ubuntu 12.10 (Quantal Quetzal), Ubuntu 11.10 (Oneiric Ocelot) and Ubuntu 10.04 LTS (Lucid Lynx) operating systems. According to Canonical, Qt applications could be made to expose sensitive information over the network.

On October 26, in a security notice Canonical published details about Firefox vulnerabilities for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, and Ubuntu 10.04 LTS operating systems.According to Canonical, several flaws were found in Firefox that allowed a remote attacker to conduct cross-site scripting (S) attacks.

I found in another question on AskUbuntu someone had demonstrated on how to enable/disable sites that would integrate with Unity, in the webapps preview. There was a screenshot showing a "Unity" section in the Firefox preferences. I don't have that option. This is the screenshot:

How can I get this option?

I uploaded 3 PKGBUILDS to the AUR for Firefox integration into Gnome ShellAdwaita Theme - Themes Firefox to look more like a native Gnome 3 appHide Title Extension - Hides titlebar when maximizedFXButton Extension - Iconizes and allows moving of Firefox buttonLet me know how they work for youEdit: Also, you might want to set: browser.tabs.onTop to false in about:config for that 'Epiphany/Web&