CVE-2015-1332 Information

Description

The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1332.html http://www.securityfocus.com/bid/76710 http://www.ubuntu.com/usn/USN-2735-1 https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubuntu0.15.04.1

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8