CVE-2016-1586

Published on: 04/22/2019 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:04 PM UTC

CVE-2016-1586 - advisory for https://usn.ubuntu.com/3113-1/

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

Certain versions of Oxide from Oxide Project contain the following vulnerability:

A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.

  • CVE-2016-1586 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: Ubuntu - Oxide version 1.18.3

CVSS3 Score: 7.5 - HIGH

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE

CVSS2 Score: 5 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

CVE References

  • Description: oxide - [no description]
  • Tags: Patch, Third Party Advisory
  • Link: MISC git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a35ac (git.launchpad.net, text/html)

Known Affected Configurations (CPE V2.3)

  • Type: Application; Vendor: Oxide Project; Product: Oxide; Version: All; Update: All; Edition: All; Language: All
  • cpe:2.3:a:oxide_project:oxide:*:*:*:*:*:*:*:*

Discovery Credit

Chris Coulson