CVE-2016-1858

Publication date 20 May 2016

Last updated 25 August 2025


Ubuntu priority

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Description

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

Read the notes from the security team

Status

Package Ubuntu Release Status
qtwebkit-opensource-src 16.10 yakkety Ignored end of life
16.04 LTS xenial Ignored end of standard support
15.10 wily Ignored end of life
14.04 LTS trusty Not in release
12.04 LTS precise Not in release
qtwebkit-source 16.10 yakkety Ignored end of life
16.04 LTS xenial Ignored end of standard support
15.10 wily Ignored end of life
14.04 LTS trusty Not in release
12.04 LTS precise Ignored end of life
webkit 16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
14.04 LTS trusty Not in release
12.04 LTS precise Ignored end of life
webkit2gtk 16.10 yakkety
Not affected
16.04 LTS xenial
Fixed 2.12.5-0ubuntu0.16.04.1
15.10 wily Ignored end of life
14.04 LTS trusty Not in release
12.04 LTS precise Not in release
webkitgtk 16.10 yakkety Ignored end of life
16.04 LTS xenial Ignored end of standard support
15.10 wily Ignored end of life
14.04 LTS trusty Not in release
12.04 LTS precise Not in release

Notes


jdstrand

webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8

Severity score breakdown

CVSS version: CVSS v3.0

Base score 6.5 · Medium

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N


Access our resources on patching vulnerabilities