Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-2902

Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.

Related bugs and status

CVE-2013-2902 (Candidate) is related to these bugs:

Bug #1215361: Please update to 29.0.1547.57

Summary				In	Importance	Status
	1215361	Please update to 29.0.1547.57		chromium-browser (Ubuntu)	Medium	Fix Released

Bug #1223855: after opening webapps window and a normal window, normal window doesn't respond to Ctrl-T

Summary				In	Importance	Status
	1223855	after opening webapps window and a normal window, normal window doesn't respond to Ctrl-T		chromium-browser (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://crbug.com/260105
CONFIRM: http://googlechromerel...
DEBIAN: DSA-2741
CONFIRM: https://src.chromium.o...
OVAL: oval:org.mitre.oval:de...