Branch sisyphus update bulletin.

Package firefox-esr updated to version 38.3.0-alt1 for branch sisyphus in task 150329.

No data currently available.

Package chromium updated to version 45.0.2454.99-alt1 for branch sisyphus in task 149467.

Published: 2015-10-12

BDU:2015-11682

Уязвимость браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения доступа

Severity: HIGH (7.5)

References:

CVE-2015-1303

Published: 2015-10-12

BDU:2015-11683

Уязвимость браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения доступа

Severity: HIGH (7.5)

References:

CVE-2015-1304

Published: 2015-10-12
Modified: 2024-11-21

CVE-2015-1303

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.

Severity: HIGH (7.5)

References:

Published: 2015-10-12
Modified: 2024-11-21

CVE-2015-1304

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.

Severity: HIGH (7.5)

References:

Version: 2.1.0

Branch sisyphus update on 2015-09-25

ALT-BU-2015-2654-1

ALT-PU-2015-1797-1

Closed vulnerabilities

MFSA 2015-10

MFSA 2015-11

ALT-PU-2015-1798-1

Closed vulnerabilities

BDU:2015-11682

BDU:2015-11683

CVE-2015-1303

CVE-2015-1304