Candidate: CVE-2012-5851
PublicDate: 2012-11-15 11:58:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5851
 https://bugs.webkit.org/show_bug.cgi?id=92692
 http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-that.html
Description:
 html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome
 through 22 and Safari 5.1.7, does not consider all possible output contexts
 of reflected data, which makes it easier for remote attackers to bypass a
 cross-site scripting (XSS) protection mechanism via a crafted string, aka
 rdar problem 12019108.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_webkit:
upstream_webkit: needs-triage
hardy_webkit: ignored (reached end-of-life)
lucid_webkit: ignored (reached end-of-life)
oneiric_webkit: ignored (reached end-of-life)
precise_webkit: ignored (no update available)
quantal_webkit: ignored (reached end-of-life)
raring_webkit: ignored (reached end-of-life)
saucy_webkit: ignored (reached end-of-life)
trusty_webkit: DNE
trusty/esm_webkit: DNE
utopic_webkit: DNE
vivid_webkit: DNE
vivid/stable-phone-overlay_webkit: DNE
vivid/ubuntu-core_webkit: DNE
wily_webkit: DNE
xenial_webkit: DNE
yakkety_webkit: DNE
devel_webkit: DNE

Patches_webkitgtk:
upstream_webkitgtk: needs-triage
lucid_webkitgtk: DNE
precise_webkitgtk: DNE
quantal_webkitgtk: DNE
saucy_webkitgtk: DNE
trusty_webkitgtk: not-affected (2.4.8-1ubuntu1~ubuntu14.04.1)
trusty/esm_webkitgtk: DNE (trusty was not-affected [2.4.8-1ubuntu1~ubuntu14.04.1])
utopic_webkitgtk: ignored (reached end-of-life)
vivid_webkitgtk: ignored (reached end-of-life)
vivid/stable-phone-overlay_webkitgtk: DNE
vivid/ubuntu-core_webkitgtk: DNE
wily_webkitgtk: not-affected (2.4.9-2ubuntu2)
xenial_webkitgtk: not-affected (2.4.9-2ubuntu2)
yakkety_webkitgtk: not-affected (2.4.9-2ubuntu2)
devel_webkitgtk: not-affected (2.4.9-2ubuntu2)

Patches_qtwebkit-source:
upstream_qtwebkit-source: needs-triage
hardy_qtwebkit-source: DNE
lucid_qtwebkit-source: DNE
oneiric_qtwebkit-source: ignored (reached end-of-life)
precise_qtwebkit-source: ignored (no update available)
quantal_qtwebkit-source: ignored (reached end-of-life)
raring_qtwebkit-source: ignored (reached end-of-life)
saucy_qtwebkit-source: ignored (reached end-of-life)
trusty_qtwebkit-source: ignored (no update available)
trusty/esm_qtwebkit-source: DNE (trusty was ignored [no update available])
utopic_qtwebkit-source: ignored (reached end-of-life)
vivid_qtwebkit-source: ignored (reached end-of-life)
vivid/stable-phone-overlay_qtwebkit-source: DNE
vivid/ubuntu-core_qtwebkit-source: DNE
wily_qtwebkit-source: ignored (reached end-of-life)
xenial_qtwebkit-source: ignored (no update available)
yakkety_qtwebkit-source: ignored (no update available)
devel_qtwebkit-source: ignored (no update available)