~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2014-4671
PublicDate: 2014-07-09
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4671
 https://helpx.adobe.com/security/products/flash-player/apsb14-17.html
Description:
 Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows
 and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on
 Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler
 before 14.0.0.137 do not properly restrict the SWF file format, which
 allows remote attackers to conduct cross-site request forgery (CSRF)
 attacks against JSONP endpoints, and obtain sensitive information, via a
 crafted OBJECT element with SWF content satisfying the character-set
 requirements of a callback API.
Ubuntu-Description: 
Notes:
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: chriscoulson

Patches_flashplugin-nonfree:
upstream_flashplugin-nonfree: released (11.2.202.394)
lucid_flashplugin-nonfree: ignored (reached end-of-life)
precise_flashplugin-nonfree: released (11.2.202.394ubuntu0.12.04.1)
saucy_flashplugin-nonfree: released (11.2.202.394ubuntu0.13.10.1)
trusty_flashplugin-nonfree: released (11.2.202.394ubuntu0.14.04.1)
devel_flashplugin-nonfree: released (11.2.202.394ubuntu1)

Patches_adobe-flashplugin:
upstream_adobe-flashplugin: released (11.2.202.394)
lucid_adobe-flashplugin: ignored (reached end-of-life)
precise_adobe-flashplugin: released (11.2.202.378-0precise1)
saucy_adobe-flashplugin: released (11.2.202.378-0saucy1)
trusty_adobe-flashplugin: released (11.2.202.378-0trusty1)
devel_adobe-flashplugin: DNE