CVE-2019-6251

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

Published: Jan 14, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-6251
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
gnome / epiphany	-	3.31.4.x
wpewebkit / wpe_webkit	-	2.24.1
webkitgtk / webkitgtk	-	2.24.1
fedoraproject / fedora	28	28.x
fedoraproject / fedora	29	29.x
fedoraproject / fedora	30	30.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	18.10	18.10.x
opensuse / leap	42.3	42.3.x
opensuse / leap	15.0	15.0.x

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html
http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html
http://www.openwall.com/lists/oss-security/2019/04/11/1
https://bugs.webkit.org/show_bug.cgi?id=194208
https://gitlab.gnome.org/GNOME/epiphany/issues/532
https://lists.fedoraproject.org/archives/list/[email protected]/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/
https://lists.fedoraproject.org/archives/list/[email protected]/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/
https://lists.fedoraproject.org/archives/list/[email protected]/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/
https://lists.fedoraproject.org/archives/list/[email protected]/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/
https://seclists.org/bugtraq/2019/Apr/21
https://security.gentoo.org/glsa/201909-05
https://trac.webkit.org/changeset/243434
https://usn.ubuntu.com/3948-1/

Vulnerability Database

289,599

CVE-2019-6251