2289 matches found
CVE-2015-7179
The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of...
Memory corruption
The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application cras...
CVE-2015-7178
The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application cras...
CVE-2015-7178
The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application cras...
CVE-2015-7178
CVE-2015-7178 affects Mozilla Firefox on Windows via ANGLE’s libGLES, where the ProgramBinary::linkAttributes function mishandles shader access. This can allow a remote attacker to execute arbitrary code or cause a denial of service through crafted OpenGL/WebGL content, leading to memory corrupti...
CVE-2015-7179
The CVE-2015-7179 entry is confirmed public with concrete details: The flaw occurs in ANGLE’s libGLES used by Mozilla Firefox on Windows, in VertexBufferInterface::reserveVertexSpace. It allocates memory for shader attribute arrays incorrectly, enabling remote attackers to run arbitrary code or c...
CVE-2015-7179
The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of...
Memory safety errors in libGLES in the ANGLE graphics library — Mozilla
Security researcher Ronald Crane reported two issues in the libGLES portions of the ANGLE graphics library, used for WebGL and OpenGL content on Windows systems. The first of these is a missing bounds check leading to memory safety errors when manipulating shaders which could result in the writin...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2570-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2570-1 advisory. An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially...
FreeBSD : chromium -- multiple vulnerabilities (b57f690e-ecc9-11e4-876c-00262d5ed8ee)
Google Chrome Releases reports : 45 new security fixes, including : - 456518 High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous. - 313939 Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo. - 461191 High CVE-2015-1237: Use-after-free in IPC. Credit ...
USN-2570-1: Oxide vulnerabilities
An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2015-1235 An issue was discovered in the Web Audio API implementation in Blink. If a user were...
USN-2570-1 oxide-qt vulnerabilities
An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2015-1235 An issue was discovered in the Web Audio API implementation in Blink. If a user were...
[SECURITY] [DSA 3238-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3238-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq -...
DSA-3238-1 chromium-browser - security update
Bulletin has no description...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 42.0.2311.90 fixes several security issues, among others a cross-origin-bypass in HTML parser CVE-2015-1235, a cross-origin-bypass in Blink CVE-2015-1236, a use-after-free in IPC CVE-2015-1237, an out-of-bounds write in Skia CVE-2015-1238, an out-of-bounds read in WebGL...
CVE-2015-1240
gpu/blink/webgraphicscontext3dimpl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service out-of-bounds read via a crafted WebGL program that triggers a state inconsistency...
Out-of-bounds
gpu/blink/webgraphicscontext3dimpl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service out-of-bounds read via a crafted WebGL program that triggers a state inconsistency...
CVE-2015-1240
The CVE-2015-1240 entry applies to Google Chrome’s WebGL implementation (gpu/blink/webgraphicscontext3d_impl.cc) and describes an out-of-bounds read in WebGL that can be triggered by a crafted WebGL program, potentially causing denial of service due to a state inconsistency. Affected version is C...
CVE-2015-1240
gpu/blink/webgraphicscontext3dimpl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service out-of-bounds read via a crafted WebGL program that triggers a state inconsistency...
CVE-2015-1240
Removed by vendor...