Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

oxide-qt vulnerabilities

Related Vulnerabilities: CVE-2016-5170   CVE-2016-5171   CVE-2016-5172   CVE-2016-5175   CVE-2016-5178   CVE-2016-5177   CVE-2016-7549  

Several security issues were fixed in Oxide.

A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5170)

Source

7 October 2016

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software Description

  • oxide-qt - Web browser engine for Qt (QML plugin)

Details

A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5170)

A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5171)

An issue was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to ontain sensitive information from arbitrary memory locations. (CVE-2016-5172)

Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5175, CVE-2016-5178)

A use-after-free was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5177)

It was discovered that Chromium does not ensure the recipient of a certain IPC message is a valid RenderFrame or RenderWidget. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitary code. (CVE-2016-7549)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
liboxideqtcore0 - 1.17.9-0ubuntu0.16.04.1
Ubuntu 14.04 LTS
liboxideqtcore0 - 1.17.9-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started