USN-2877-1: Oxide vulnerabilities
Ubuntu Security Notice USN-2877-1 27th January, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine library for Qt (QML plugin) Details A bad cast was discovered in V8. If a user were tricked in to opening aspecially crafted website, an attacker could potentially exploit this tocause a denial of service via renderer crash or execute arbitrary codewith the privileges of the sandboxed render process. (CVE-2016-1612) An issue was discovered when initializing the UnacceleratedImageBufferSurfaceclass in Blink. If a user were tricked in to opening a specially craftedwebsite, an attacker could potentially exploit this to obtain sensitiveinformation. (CVE-2016-1614) An issue was discovered with the CSP implementation in Blink. If a userwere tricked in to opening [ more… ]