CVE-2016-1586

EUVD-2016-2681
A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
1.8 LOW
LOCAL
HIGH
HIGH
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
canonicalCNA
1.8 LOW
LOCAL
HIGH
HIGH
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
oxide_projectoxide
𝑥
< 1.18.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
oxide-qt
precise
dne
trusty
Fixed 1.18.3-0ubuntu0.14.04.1
released
xenial
Fixed 1.18.3-0ubuntu0.16.04.1
released
yakkety
Fixed 1.18.3-0ubuntu0.16.10.1
released
Common Weakness Enumeration
References
https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac
https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac