CVE-2015-3754
Published: 16 August 2015
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site.
Notes
Author | Note |
---|---|
jdstrand |
webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |
Priority
Status
Package | Release | Status |
---|---|---|
qtwebkit-opensource-src
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was ignored [no update available])
|
|
upstream |
Needs triage
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Ignored
(no update available)
|
|
yakkety |
Ignored
(end of life)
|
|
qtwebkit-source
Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
(trusty was ignored [no update available])
|
|
upstream |
Needs triage
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Ignored
(no update available)
|
|
yakkety |
Ignored
(end of life)
|
|
webkit
Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
webkitgtk
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was ignored [no update available])
|
|
upstream |
Needs triage
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Ignored
(no update available)
|
|
yakkety |
Ignored
(end of life)
|