CVE-2019-6251

Published: 14 January 2019

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
epiphany-browser
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)
webkit2gtk
Launchpad, Ubuntu, Debian
Upstream
Released (2.24.1)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(2.24.1-1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.24.1-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.24.1-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.24.1-0ubuntu0.18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Deferred

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist