Public bug reported:
If a webview that is displaying fullscreen Flash content is deleted, we
don't correctly null out the |container_| pointer on RWHV, which could
result in a use-after-free.
** Affects: oxide
Importance: High
Assignee: Chris Coulson (chrisccoulson)
Status: Fix Released
** Changed in: oxide
Importance: Undecided => High
** Changed in: oxide
Status: New => In Progress
** Changed in: oxide
Assignee: (unassigned) => Chris Coulson (chrisccoulson)
** Changed in: oxide
Milestone: None => branch-1.12
--
https://bugs.launchpad.net/bugs/1510963
Title:
Potential UAF when deleting a webview that's displaying fullscreen
Flash content
Status in Oxide:
Fix Released