5 matches found
CVE-2015-1321
CVE-2015-1321 affects Oxide’s file picker: a use-after-free in the file picker before 1.6.5 can allow remote attackers to crash or potentially execute arbitrary code via a crafted webpage. Upgrade to Oxide 1.6.5+ to fix; apply vendor patches as available.
CVE-2015-1332
CVE-2015-1332 describes a heap corruption in oxide::JavaScriptDialogManager within oxide-qt. Affected: Ubuntu 15.04 and 14.04 packaged oxide-qt core library. Impact per advisories: denial of service via renderer crash and potential arbitrary code execution when visiting a crafted website. Remedia...
CVE-2015-1317
CVE-2015-1317 affects Oxide, a WEB browsing engine used with Chromium components. The vulnerability is a use-after-free/memory misreference in Oxide’s handling of deletion of all WebContents when a RenderProcessHost still exists, allowing remote-triggered crashes or potentially arbitrary code exe...
CVE-2016-1578
CVE-2016-1578 is a use-after-free in Oxide (related to responding synchronously to permission requests) that could allow remote code execution or a crash. Affected platform references include Ubuntu USN-2955-1; remediation is to apply the Ubuntu security advisory update. No explicit patch version...
CVE-2016-1586
Affects Oxide prior to v1.18.3 where a malicious webview can install long-lived unload handlers that reuse an incognito BrowserContext queued for destruction. This could lead to exposure of sensitive information as described in CVE-2016-1586. Remediation: upgrade to Oxide 1.18.3 or later (or appl...