CVE-2016-4585
Published: 21 July 2016
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.
Priority
Medium
CVSS 3 base score: 6.1
Status
| Package | Release | Status |
|---|---|---|
|
qtwebkit-opensource-src Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
(trusty was ignored [no update available])
|
|
| upstream |
Needs triage
|
|
| wily |
Ignored
(reached end-of-life)
|
|
| xenial |
Ignored
(no update available)
|
|
| yakkety |
Ignored
(no update available)
|
|
|
qtwebkit-source Launchpad, Ubuntu, Debian |
precise |
Ignored
(see notes)
|
| trusty |
Does not exist
(trusty was ignored [no update available])
|
|
| upstream |
Needs triage
|
|
| wily |
Ignored
(reached end-of-life)
|
|
| xenial |
Ignored
(no update available)
|
|
| yakkety |
Ignored
(no update available)
|
|
|
webkit Launchpad, Ubuntu, Debian |
precise |
Ignored
(see notes)
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
|
webkit2gtk Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.12.1)
|
|
| wily |
Ignored
(reached end-of-life)
|
|
| xenial |
Released
(2.12.5-0ubuntu0.16.04.1)
|
|
| yakkety |
Not vulnerable
(2.12.5-1)
|
|
|
webkitgtk Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
(trusty was ignored [no update available])
|
|
| upstream |
Needs triage
|
|
| wily |
Ignored
(reached end-of-life)
|
|
| xenial |
Ignored
(no update available)
|
|
| yakkety |
Ignored
(no update available)
|
Notes
| Author | Note |
|---|---|
| jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4585
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html
- https://support.apple.com/HT206900
- https://support.apple.com/HT206902
- https://support.apple.com/HT206905
- https://webkitgtk.org/security/WSA-2016-0005.html
- https://ubuntu.com/security/notices/USN-3079-1
- NVD
- Launchpad
- Debian