CVE-2014-1716
Published: 9 April 2014
Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
Notes
Author | Note |
---|---|
chrisccoulson | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu release |
mikesalvatore | The Ubuntu Security Team does not support libv8 |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
vivid |
Not vulnerable
(34.0.1847.116-0ubuntu2)
|
artful |
Not vulnerable
(34.0.1847.116-0ubuntu2)
|
|
bionic |
Not vulnerable
(34.0.1847.116-0ubuntu2)
|
|
cosmic |
Not vulnerable
(34.0.1847.116-0ubuntu2)
|
|
lucid |
Ignored
(end of life)
|
|
precise |
Released
(34.0.1847.116-0ubuntu~1.12.04.0~pkg884)
|
|
quantal |
Released
(34.0.1847.116-0ubuntu~1.12.10.0~pkg900)
|
|
saucy |
Released
(34.0.1847.116-0ubuntu~1.13.10.0~pkg991)
|
|
trusty |
Does not exist
(trusty was not-affected [34.0.1847.116-0ubuntu2])
|
|
upstream |
Released
(34.0.1847.116)
|
|
utopic |
Not vulnerable
(34.0.1847.116-0ubuntu2)
|
|
wily |
Not vulnerable
(34.0.1847.116-0ubuntu2)
|
|
xenial |
Not vulnerable
(34.0.1847.116-0ubuntu2)
|
|
yakkety |
Not vulnerable
(34.0.1847.116-0ubuntu2)
|
|
zesty |
Not vulnerable
(34.0.1847.116-0ubuntu2)
|
|
libv8-3.14 Launchpad, Ubuntu, Debian |
vivid |
Ignored
(end of life)
|
artful |
Ignored
(end of life)
|
|
bionic |
Ignored
(libv8 not supported)
|
|
cosmic |
Ignored
(end of life)
|
|
lucid |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was ignored [libv8 not supported])
|
|
upstream |
Needed
|
|
utopic |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Ignored
(libv8 not supported)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
oxide-qt Launchpad, Ubuntu, Debian |
vivid |
Not vulnerable
|
artful |
Not vulnerable
|
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
lucid |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|
|
utopic |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
zesty |
Not vulnerable
|
|
libv8 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
lucid |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
qtjsbackend-opensource-src Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
lucid |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|