PublicDateAtUSN: 2019-01-14
Candidate: CVE-2019-6251
PublicDate: 2019-01-14 08:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6251
 https://webkitgtk.org/security/WSA-2019-0002.html
 https://ubuntu.com/security/notices/USN-3948-1
Description:
 WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address
 bar spoofing upon certain JavaScript redirections. An attacker could cause
 malicious web content to be displayed as if for a trusted URI. This is
 similar to the CVE-2018-8383 issue in Microsoft Edge.
Ubuntu-Description:
Notes:
Bugs:
 https://gitlab.gnome.org/GNOME/epiphany/issues/532
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N [8.1 HIGH]

Patches_epiphany-browser:
upstream_epiphany-browser: needs-triage
precise/esm_epiphany-browser: DNE
trusty_epiphany-browser: ignored (reached end-of-life)
trusty/esm_epiphany-browser: DNE (trusty was needs-triage)
xenial_epiphany-browser: ignored (end of standard support, was needs-triage)
bionic_epiphany-browser: needs-triage
cosmic_epiphany-browser: ignored (reached end-of-life)
disco_epiphany-browser: ignored (reached end-of-life)
eoan_epiphany-browser: ignored (reached end-of-life)
focal_epiphany-browser: needs-triage
groovy_epiphany-browser: ignored (reached end-of-life)
hirsute_epiphany-browser: ignored (reached end-of-life)
impish_epiphany-browser: needs-triage
jammy_epiphany-browser: needs-triage
devel_epiphany-browser: needs-triage

Patches_webkit2gtk:
upstream_webkit2gtk: released (2.24.1)
precise/esm_webkit2gtk: DNE
trusty_webkit2gtk: DNE
trusty/esm_webkit2gtk: DNE
xenial_webkit2gtk: ignored (end of standard support, was deferred)
esm-infra/xenial_webkit2gtk: deferred
bionic_webkit2gtk: released (2.24.1-0ubuntu0.18.04.1)
cosmic_webkit2gtk: released (2.24.1-0ubuntu0.18.10.2)
disco_webkit2gtk: not-affected (2.24.1-1)
eoan_webkit2gtk: not-affected (2.24.1-1)
focal_webkit2gtk: not-affected (2.24.1-1)
groovy_webkit2gtk: not-affected (2.24.1-1)
hirsute_webkit2gtk: not-affected (2.24.1-1)
impish_webkit2gtk: not-affected (2.24.1-1)
jammy_webkit2gtk: not-affected (2.24.1-1)
devel_webkit2gtk: not-affected (2.24.1-1)