UbuntuUSN-2860-1Oxide vulnerabilities
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.083 Low
EPSS
Percentile
94.3%
Releases
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 ESM
Packages
- oxide-qt - Web browser engine library for Qt (QML plugin)
Details
A race condition was discovered in the MutationObserver implementation in
Blink. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of service
via renderer crash, or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-6789)
An issue was discovered with the page serializer in Blink. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to inject arbitrary script or HTML.
(CVE-2015-6790)
Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-6791)
Multiple security issues were discovered in V8. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-8548)
An integer overflow was discovered in the WebCursor::Deserialize function
in Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-8664)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 15.10 | noarch | liboxideqtcore0 | < 1.11.4-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | liboxideqt-qmlplugin | < 1.11.4-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | liboxideqt-qmlplugin-dbgsym | < 1.11.4-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | liboxideqtcore0-dbgsym | < 1.11.4-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | liboxideqtquick0 | < 1.11.4-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | liboxideqtquick0-dbgsym | < 1.11.4-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | oxideqt-chromedriver | < 1.11.4-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | oxideqt-codecs | < 1.11.4-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | oxideqt-codecs-dbg | < 1.11.4-0ubuntu0.15.10.1 | UNKNOWN |
| Ubuntu | 15.10 | noarch | oxideqt-codecs-dbgsym | < 1.11.4-0ubuntu0.15.10.1 | UNKNOWN |
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.083 Low
EPSS
Percentile
94.3%