CVE-2019-6251
Description
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
2.448
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Web content engine library for GTK+ (USN-3889-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.04.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.04.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.10.2_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.10.2_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.04.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.04.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.10.2_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.10.2_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.04.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.04.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.10.2_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.10.2_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.04.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.04.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.10.2_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.10.2_amd64.deb | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) libjavascriptcoregtk-4_0-18-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwebkit2gtk-4_0-37-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwebkit2gtk3-lang-2.24.1-2.41.5.noarch.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) typelib-1_0-WebKit2-4_0-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) webkit2gtk3-debugsource-2.24.1-2.41.5.x86_64.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-2.28.2-2.el7.i686.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-2.28.2-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-devel-2.28.2-2.el7.i686.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-doc-2.28.2-2.el7.noarch.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-2.28.2-2.el7.i686.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-2.28.2-2.el7.i686.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-devel-2.28.2-2.el7.i686.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-2.28.2-2.el7.i686.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-2.28.2-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-doc-2.28.2-2.el7.noarch.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) pidgin-2.13.0-5.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) libpurple-2.13.0-5.el8.i686.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) libpurple-2.13.0-5.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-2.36.12-5.el8.i686.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-2.36.12-5.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gnome-desktop3-3.32.2-1.el8.i686.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gnome-desktop3-3.32.2-1.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-devel-2.36.12-5.el8.i686.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-devel-2.36.12-5.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-modules-2.36.12-5.el8.i686.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-modules-2.36.12-5.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gnome-desktop3-devel-3.32.2-1.el8.i686.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gnome-desktop3-devel-3.32.2-1.el8.x86_64.rpm | Linux |
| Low: GNOME security, bug fix, and enhancement update pidgin-2.13.0-5.el8.x86_64.rpm | Linux |
| Low: GNOME security, bug fix, and enhancement update libpurple-2.13.0-5.el8.i686.rpm | Linux |
| Low: GNOME security, bug fix, and enhancement update libpurple-2.13.0-5.el8.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234