MidnightBSD

Advisories for oxide_project

CVE-2015-1317 HIGH

Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oxide_project oxide 1.6.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 14.10
oxide_project oxide *
CVE-2015-1321 MEDIUM

Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 14.10
oxide_project oxide *
canonical ubuntu_linux 15.1
CVE-2015-1332 MEDIUM

The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
oxide_project oxide *
CVE-2016-1578 HIGH

Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oxide_project oxide -
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
CVE-2016-1586 MEDIUM

A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
oxide_project oxide *