USN-3058-1: Oxide vulnerabilities

Ubuntu Security Notice USN-3058-1
14th September, 2016

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

oxide-qt – Web browser engine for Qt (QML plugin)

Details

An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5141)

A use-after-free was discovered in the WebCrypto implementation in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5142)

It was discovered that the devtools subsystem in Blink mishandles various parameters. An attacker could exploit this to bypass intended access restrictions. (CVE-2016-5143, CVE-2016-5144)

It was discovered that [ more… ]