{"id":"USN-3058-1","summary":"oxide-qt vulnerabilities","details":"An issue was discovered in Blink involving the provisional URL for an\ninitially empty document. An attacker could potentially exploit this to\nspoof the currently displayed URL. (CVE-2016-5141)\n\nA use-after-free was discovered in the WebCrypto implementation in Blink.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2016-5142)\n\nIt was discovered that the devtools subsystem in Blink mishandles various\nparameters. An attacker could exploit this to bypass intended access\nrestrictions. (CVE-2016-5143, CVE-2016-5144)\n\nIt was discovered that Blink does not ensure that a taint property is\npreserved after a structure-clone operation on an ImageBitmap object\nderived from a cross-origin image. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nbypass same origin restrictions. (CVE-2016-5145)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-5146, CVE-2016-5167)\n\nIt was discovered that Blink mishandles deferred page loads. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to conduct cross-site scripting (XSS) attacks.\n(CVE-2016-5147)\n\nAn issue was discovered in Blink related to widget updates. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to conduct cross-site scripting (XSS) attacks.\n(CVE-2016-5148)\n\nA use-after-free was discovered in Blink. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5150)\n\nA use-after-free was discovered in Blink. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5153)\n\nIt was discovered that Chromium does not correctly validate access to the\ninitial document. An attacker could potentially exploit this to spoof the\ncurrently displayed URL. (CVE-2016-5155)\n\nA use-after-free was discovered in the event bindings in Blink. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5156)\n\nA type confusion bug was discovered in Blink. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5161)\n\nAn issue was discovered with the devtools implementation. An attacker\ncould potentially exploit this to conduct cross-site scripting (XSS)\nattacks. (CVE-2016-5164)\n\nAn issue was discovered with the devtools implementation. An attacker\ncould potentially exploit this to conduct cross-site scripting (XSS)\nattacks. (CVE-2016-5165)\n","modified":"2026-04-22T09:26:47.827752Z","published":"2016-09-14T22:16:53Z","related":["UBUNTU-CVE-2016-5141","UBUNTU-CVE-2016-5142","UBUNTU-CVE-2016-5143","UBUNTU-CVE-2016-5144","UBUNTU-CVE-2016-5145","UBUNTU-CVE-2016-5146","UBUNTU-CVE-2016-5147","UBUNTU-CVE-2016-5148","UBUNTU-CVE-2016-5150","UBUNTU-CVE-2016-5153","UBUNTU-CVE-2016-5155","UBUNTU-CVE-2016-5156","UBUNTU-CVE-2016-5161","UBUNTU-CVE-2016-5164","UBUNTU-CVE-2016-5165","UBUNTU-CVE-2016-5167"],"upstream":["CVE-2016-5141","CVE-2016-5142","CVE-2016-5143","CVE-2016-5144","CVE-2016-5145","CVE-2016-5146","CVE-2016-5147","CVE-2016-5148","CVE-2016-5150","CVE-2016-5153","CVE-2016-5155","CVE-2016-5156","CVE-2016-5161","CVE-2016-5164","CVE-2016-5165","CVE-2016-5167","UBUNTU-CVE-2016-5141","UBUNTU-CVE-2016-5142","UBUNTU-CVE-2016-5143","UBUNTU-CVE-2016-5144","UBUNTU-CVE-2016-5145","UBUNTU-CVE-2016-5146","UBUNTU-CVE-2016-5147","UBUNTU-CVE-2016-5148","UBUNTU-CVE-2016-5150","UBUNTU-CVE-2016-5153","UBUNTU-CVE-2016-5155","UBUNTU-CVE-2016-5156","UBUNTU-CVE-2016-5161","UBUNTU-CVE-2016-5164","UBUNTU-CVE-2016-5165","UBUNTU-CVE-2016-5167"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3058-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5141"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5142"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5143"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5144"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5145"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5146"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5147"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5148"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5150"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5153"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5155"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5156"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5161"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5164"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5165"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5167"}],"affected":[{"package":{"name":"oxide-qt","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/oxide-qt@1.17.7-0ubuntu0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.17.7-0ubuntu0.14.04.1"}]}],"versions":["1.0.0~bzr437-0ubuntu1","1.0.0~bzr452-0ubuntu1","1.0.0~bzr475-0ubuntu1","1.0.0~bzr490-0ubuntu1","1.0.0~bzr501-0ubuntu1","1.0.0~bzr501-0ubuntu2","1.0.4-0ubuntu0.14.04.1","1.0.5-0ubuntu0.14.04.1","1.1.2-0ubuntu0.14.04.1","1.2.5-0ubuntu0.14.04.1","1.3.4-0ubuntu0.14.04.1","1.4.2-0ubuntu0.14.04.1","1.4.3-0ubuntu0.14.04.1","1.5.5-0ubuntu0.14.04.3","1.5.6-0ubuntu0.14.04.2","1.6.5-0ubuntu0.14.04.1","1.6.6-0ubuntu0.14.04.1","1.7.8-0ubuntu0.14.04.1","1.7.9-0ubuntu0.14.04.1","1.8.4-0ubuntu0.14.04.2","1.9.1-0ubuntu0.14.04.2","1.9.5-0ubuntu0.14.04.1","1.10.3-0ubuntu0.14.04.1","1.11.3-0ubuntu0.14.04.1","1.11.4-0ubuntu0.14.04.1","1.12.5-0ubuntu0.14.04.1","1.12.6-0ubuntu0.14.04.1","1.12.7-0ubuntu0.14.04.1","1.13.6-0ubuntu0.14.04.1","1.14.7-0ubuntu0.14.04.1","1.14.9-0ubuntu0.14.04.1","1.15.7-0ubuntu0.14.04.1","1.15.8-0ubuntu0.14.04.1","1.16.5-0ubuntu0.14.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.17.7-0ubuntu0.14.04.1","binary_name":"liboxideqt-qmlplugin"},{"binary_version":"1.17.7-0ubuntu0.14.04.1","binary_name":"liboxideqtcore0"},{"binary_version":"1.17.7-0ubuntu0.14.04.1","binary_name":"liboxideqtquick0"},{"binary_version":"1.17.7-0ubuntu0.14.04.1","binary_name":"oxideqmlscene"},{"binary_version":"1.17.7-0ubuntu0.14.04.1","binary_name":"oxideqt-chromedriver"},{"binary_version":"1.17.7-0ubuntu0.14.04.1","binary_name":"oxideqt-codecs"},{"binary_version":"1.17.7-0ubuntu0.14.04.1","binary_name":"oxideqt-codecs-extra"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3058-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2016-5141","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5142","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5143","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5144","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5145","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5146","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5147","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5148","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5150","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5153","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5155","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5156","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5161","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5164","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5165","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5167","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"oxide-qt","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/oxide-qt@1.17.7-0ubuntu0.16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.17.7-0ubuntu0.16.04.1"}]}],"versions":["1.9.5-0ubuntu1","1.10.3-0ubuntu0.15.10.1","1.10.3-0ubuntu0.15.10.2","1.11.3-0ubuntu3","1.11.4-0ubuntu1","1.11.5-0ubuntu1","1.12.5-0ubuntu1","1.12.6-0ubuntu1","1.12.7-0ubuntu1","1.13.6-0ubuntu1","1.14.7-0ubuntu1","1.14.9-0ubuntu0.16.04.1","1.15.7-0ubuntu0.16.04.1","1.15.8-0ubuntu0.16.04.1","1.16.5-0ubuntu0.16.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.17.7-0ubuntu0.16.04.1","binary_name":"liboxideqt-qmlplugin"},{"binary_version":"1.17.7-0ubuntu0.16.04.1","binary_name":"liboxideqtcore0"},{"binary_version":"1.17.7-0ubuntu0.16.04.1","binary_name":"liboxideqtquick0"},{"binary_version":"1.17.7-0ubuntu0.16.04.1","binary_name":"oxideqt-codecs"},{"binary_version":"1.17.7-0ubuntu0.16.04.1","binary_name":"oxideqt-codecs-extra"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3058-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2016-5141","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5142","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5143","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5144","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5145","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5146","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5147","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5148","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5150","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5153","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5155","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5156","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5161","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5164","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5165","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-5167","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.5"}