CVE-2015-6786

2015-12-0500:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.3%

JSON

The CSPSourceList::matches function in
WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security
Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a
blob:, data:, or filesystem: URL as a match for a * pattern, which allows
remote attackers to bypass intended scheme restrictions in opportunistic
circumstances by leveraging a policy that relies on this pattern.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchchromium-browser< 47.0.2526.73-0ubuntu0.14.04.1.1106UNKNOWN
ubuntu15.04noarchchromium-browser< 47.0.2526.73-0ubuntu0.15.04.1.1190UNKNOWN
ubuntu15.10noarchchromium-browser< 47.0.2526.73-0ubuntu0.15.10.1.1215UNKNOWN
ubuntu14.04noarchoxide-qt< 1.11.3-0ubuntu0.14.04.1UNKNOWN
ubuntu15.04noarchoxide-qt< 1.11.3-0ubuntu0.15.04.1UNKNOWN
ubuntu15.10noarchoxide-qt< 1.11.3-0ubuntu0.15.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	chromium-browser	< 47.0.2526.73-0ubuntu0.14.04.1.1106	UNKNOWN
ubuntu	15.04	noarch	chromium-browser	< 47.0.2526.73-0ubuntu0.15.04.1.1190	UNKNOWN
ubuntu	15.10	noarch	chromium-browser	< 47.0.2526.73-0ubuntu0.15.10.1.1215	UNKNOWN
ubuntu	14.04	noarch	oxide-qt	< 1.11.3-0ubuntu0.14.04.1	UNKNOWN
ubuntu	15.04	noarch	oxide-qt	< 1.11.3-0ubuntu0.15.04.1	UNKNOWN
ubuntu	15.10	noarch	oxide-qt	< 1.11.3-0ubuntu0.15.10.1	UNKNOWN