CVE-2015-1291

2015-09-0200:00:00

ubuntu.com

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.015 Low

EPSS

Percentile

86.5%

JSON

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp
in Blink, as used in Google Chrome before 45.0.2454.85, does not check
whether a node is expected, which allows remote attackers to bypass the
Same Origin Policy or cause a denial of service (DOM tree corruption) via a
web site with crafted JavaScript code and IFRAME elements.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchchromium-browser< 45.0.2454.85-0ubuntu0.14.04.1.1097UNKNOWN
ubuntu15.04noarchchromium-browser< 45.0.2454.85-0ubuntu0.15.04.1.1181UNKNOWN
ubuntu15.10noarchchromium-browser< 45.0.2454.85-0ubuntu1.1198UNKNOWN
ubuntu14.04noarchoxide-qt< 1.9.1-0ubuntu0.14.04.2UNKNOWN
ubuntu15.04noarchoxide-qt< 1.9.1-0ubuntu0.15.04.1UNKNOWN
ubuntu15.10noarchoxide-qt< 1.9.1-0ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	chromium-browser	< 45.0.2454.85-0ubuntu0.14.04.1.1097	UNKNOWN
ubuntu	15.04	noarch	chromium-browser	< 45.0.2454.85-0ubuntu0.15.04.1.1181	UNKNOWN
ubuntu	15.10	noarch	chromium-browser	< 45.0.2454.85-0ubuntu1.1198	UNKNOWN
ubuntu	14.04	noarch	oxide-qt	< 1.9.1-0ubuntu0.14.04.2	UNKNOWN
ubuntu	15.04	noarch	oxide-qt	< 1.9.1-0ubuntu0.15.04.1	UNKNOWN
ubuntu	15.10	noarch	oxide-qt	< 1.9.1-0ubuntu1	UNKNOWN