CVE-2019-6251

Published: Jan 14, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

Affected (10)

Products: Gnome: Epiphany · Webkitgtk: Webkitgtk · Wpewebkit: Wpe Webkit · +3 more

Show all products

Gnome: Epiphany · Webkitgtk: Webkitgtk · Wpewebkit: Wpe Webkit · Fedoraproject: Fedora · Canonical: Ubuntu Linux · Opensuse: Leap

1 product

1 product

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnome Epiphany	Up to 3.31.4

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Webkitgtk Webkitgtk	Before 2.24.1
Wpewebkit Wpe Webkit	Before 2.24.1

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 28
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 42.3

References (30)

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2019/04/11/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugs.webkit.org/show_bug.cgi?id=194208

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://gitlab.gnome.org/GNOME/epiphany/issues/532

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/

Source: cve@mitre.org

https://seclists.org/bugtraq/2019/Apr/21

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201909-05

Source: cve@mitre.org

https://trac.webkit.org/changeset/243434

Source: cve@mitre.org

PatchVendor Advisory

https://usn.ubuntu.com/3948-1/

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2019/04/11/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugs.webkit.org/show_bug.cgi?id=194208

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://gitlab.gnome.org/GNOME/epiphany/issues/532

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/Apr/21

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201909-05

Source: af854a3a-2127-422b-91ae-364da2661108

https://trac.webkit.org/changeset/243434

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://usn.ubuntu.com/3948-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.