Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-1747

Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."

Related bugs and status

CVE-2014-1747 (Candidate) is related to these bugs:

Bug #1302155: Chromium UI is very large

Summary				In	Importance	Status
	1302155	Chromium UI is very large		chromium-browser (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://googlechromerel...
CONFIRM: https://code.google.co...
SECTRACK: 1030270
SECUNIA: 58920
SECUNIA: 59155
GENTOO: GLSA-201408-16
CONFIRM: https://src.chromium.o...
SUSE: openSUSE-SU-2014:0783
DEBIAN: DSA-2939