Launchpad CVE tracker

CVE 2015-1317

Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.

Related bugs and status

CVE-2015-1317 (Candidate) is related to these bugs:

Bug #1431484: BrowserContext should not be deleted until all RenderProcessHosts using it are gone

		In	Importance	Status
1431484	BrowserContext should not be deleted until all RenderProcessHosts using it are gone	Oxide	High	Fix Released
1431484	BrowserContext should not be deleted until all RenderProcessHosts using it are gone	Oxide 1.5	High	Fix Released
1431484	BrowserContext should not be deleted until all RenderProcessHosts using it are gone	Oxide 1.6	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
UBUNTU: USN-2556-1

Launchpad.net

CVE 2015-1317

Related bugs and status

Related bugs

References