Ubuntu.comUB:CVE-2015-1284CVE-2015-1284
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.4%
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in
Blink, as used in Google Chrome before 44.0.2403.89, does not properly
check for a page’s maximum number of frames, which allows remote attackers
to cause a denial of service (invalid count value and use-after-free) or
possibly have unspecified other impact via crafted JavaScript code that
makes many createElement calls for IFRAME elements.
Bugs
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 14.04 | noarch | chromium-browser | <Â 44.0.2403.89-0ubuntu0.14.04.1.1095 | UNKNOWN |
| ubuntu | 15.04 | noarch | chromium-browser | <Â 44.0.2403.89-0ubuntu0.15.04.1.1177 | UNKNOWN |
| ubuntu | 15.10 | noarch | chromium-browser | <Â 44.0.2403.89-0ubuntu1.1195 | UNKNOWN |
| ubuntu | 14.04 | noarch | oxide-qt | <Â 1.8.4-0ubuntu0.14.04.1 | UNKNOWN |
| ubuntu | 15.04 | noarch | oxide-qt | <Â 1.8.4-0ubuntu0.15.04.1 | UNKNOWN |
| ubuntu | 15.10 | noarch | oxide-qt | <Â 1.8.4-0ubuntu1 | UNKNOWN |
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.4%