oxide-qt: code execution
| Package(s): | oxide-qt | CVE #(s): | CVE-2015-1317 | ||||
| Created: | April 7, 2015 | Updated: | April 8, 2015 | ||||
| Description: | From the Ubuntu advisory:
It was discovered that Oxide did not correctly manage the lifetime of BrowserContext, resulting in a potential use-after-free in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. | ||||||
| Alerts: |
| ||||||