{"id":"USN-2825-1","summary":"oxide-qt vulnerabilities","details":"Multiple use-after-free bugs were discovered in the application cache\nimplementation in Chromium. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit these to\ncause a denial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking the program. (CVE-2015-6765,\nCVE-2015-6766, CVE-2015-6767)\n\nSeveral security issues were discovered in the DOM implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to bypass same\norigin restrictions. (CVE-2015-6768, CVE-2015-6770)\n\nA security issue was discovered in the provisional-load commit\nimplementation in Chromium. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nbypass same origin restrictions. (CVE-2015-6769)\n\nAn out-of-bounds read was discovered in the array map and filter\noperations in V8 in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash.\n(CVE-2015-6771)\n\nIt was discovered that the DOM implementation in Chromium does not prevent\njavascript: URL navigation while a document is being detached. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to bypass same origin restrictions.\n(CVE-2015-6772)\n\nAn out-of bounds read was discovered in Skia in some cirumstances. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via renderer\ncrash. (CVE-2015-6773)\n\nA use-after-free was discovered in the DOM implementation in Chromium. If\na user were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2015-6777)\n\nIt was discovered that the Document::open function in Chromium did not\nensure that page-dismissal event handling is compatible with modal dialog\nblocking. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to spoof application\nUI content. (CVE-2015-6782)\n\nIt was discovered that the page serializer in Chromium mishandled MOTW\ncomments for URLs in some circumstances. An attacker could potentially\nexploit this to inject HTML content. (CVE-2015-6784)\n\nIt was discovered that the Content Security Policy (CSP) implementation\nin Chromium accepted an x.y hostname as a match for a *.x.y pattern. An\nattacker could potentially exploit this to bypass intended access\nrestrictions. (CVE-2015-6785)\n\nIt was discovered that the Content Security Policy (CSP) implementation\nin Chromium accepted blob:, data: and filesystem: URLs as a match for a\n* pattern. An attacker could potentially exploit this to bypass intended\naccess restrictions. (CVE-2015-6786)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-6787)\n\nMultiple security issues were discovered in V8. If a user were tricked\nin to opening a specially crafted website, an attacker could potentially\nexploit these to read uninitialized memory, cause a denial of service via\nrenderer crash or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2015-8478)\n","modified":"2026-02-10T04:40:56Z","published":"2015-12-10T17:43:44Z","related":["UBUNTU-CVE-2015-6765","UBUNTU-CVE-2015-6766","UBUNTU-CVE-2015-6767","UBUNTU-CVE-2015-6768","UBUNTU-CVE-2015-6769","UBUNTU-CVE-2015-6770","UBUNTU-CVE-2015-6771","UBUNTU-CVE-2015-6772","UBUNTU-CVE-2015-6773","UBUNTU-CVE-2015-6777","UBUNTU-CVE-2015-6782","UBUNTU-CVE-2015-6784","UBUNTU-CVE-2015-6785","UBUNTU-CVE-2015-6786","UBUNTU-CVE-2015-6787","UBUNTU-CVE-2015-8478"],"upstream":["CVE-2015-6765","CVE-2015-6766","CVE-2015-6767","CVE-2015-6768","CVE-2015-6769","CVE-2015-6770","CVE-2015-6771","CVE-2015-6772","CVE-2015-6773","CVE-2015-6777","CVE-2015-6782","CVE-2015-6784","CVE-2015-6785","CVE-2015-6786","CVE-2015-6787","CVE-2015-8478","UBUNTU-CVE-2015-6765","UBUNTU-CVE-2015-6766","UBUNTU-CVE-2015-6767","UBUNTU-CVE-2015-6768","UBUNTU-CVE-2015-6769","UBUNTU-CVE-2015-6770","UBUNTU-CVE-2015-6771","UBUNTU-CVE-2015-6772","UBUNTU-CVE-2015-6773","UBUNTU-CVE-2015-6777","UBUNTU-CVE-2015-6782","UBUNTU-CVE-2015-6784","UBUNTU-CVE-2015-6785","UBUNTU-CVE-2015-6786","UBUNTU-CVE-2015-6787","UBUNTU-CVE-2015-8478"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2825-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6765"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6766"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6767"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6768"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6769"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6770"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6771"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6772"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6773"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6777"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6782"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6784"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6785"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6786"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-6787"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8478"}],"affected":[{"package":{"name":"oxide-qt","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/oxide-qt@1.11.3-0ubuntu0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.11.3-0ubuntu0.14.04.1"}]}],"versions":["1.0.0~bzr437-0ubuntu1","1.0.0~bzr452-0ubuntu1","1.0.0~bzr475-0ubuntu1","1.0.0~bzr490-0ubuntu1","1.0.0~bzr501-0ubuntu1","1.0.0~bzr501-0ubuntu2","1.0.4-0ubuntu0.14.04.1","1.0.5-0ubuntu0.14.04.1","1.1.2-0ubuntu0.14.04.1","1.2.5-0ubuntu0.14.04.1","1.3.4-0ubuntu0.14.04.1","1.4.2-0ubuntu0.14.04.1","1.4.3-0ubuntu0.14.04.1","1.5.5-0ubuntu0.14.04.3","1.5.6-0ubuntu0.14.04.2","1.6.5-0ubuntu0.14.04.1","1.6.6-0ubuntu0.14.04.1","1.7.8-0ubuntu0.14.04.1","1.7.9-0ubuntu0.14.04.1","1.8.4-0ubuntu0.14.04.2","1.9.1-0ubuntu0.14.04.2","1.9.5-0ubuntu0.14.04.1","1.10.3-0ubuntu0.14.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.11.3-0ubuntu0.14.04.1","binary_name":"liboxideqt-qmlplugin"},{"binary_version":"1.11.3-0ubuntu0.14.04.1","binary_name":"liboxideqtcore0"},{"binary_version":"1.11.3-0ubuntu0.14.04.1","binary_name":"liboxideqtquick0"},{"binary_version":"1.11.3-0ubuntu0.14.04.1","binary_name":"oxideqmlscene"},{"binary_version":"1.11.3-0ubuntu0.14.04.1","binary_name":"oxideqt-chromedriver"},{"binary_version":"1.11.3-0ubuntu0.14.04.1","binary_name":"oxideqt-codecs"},{"binary_version":"1.11.3-0ubuntu0.14.04.1","binary_name":"oxideqt-codecs-extra"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2015-6765","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6766","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6767","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6768","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6769","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6770","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6771","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6772","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6773","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6777","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6782","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6784","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6785","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6786","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-6787","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-8478","severity":[{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2825-1.json"}}],"schema_version":"1.7.3"}