WebKitGTK and WPE WebKit Address Bar Spoofing Vulnerability
CVE-2019-6251

8.1HIGH

Key Information:

Vendor
Gnome
Status
Epiphany
Vendor
CVE Published:
14 January 2019

Summary

WebKitGTK and WPE WebKit versions prior to 2.24.1 possess a vulnerability that allows attackers to exploit JavaScript redirections, leading to address bar spoofing. This can result in malicious content being rendered under the guise of a trusted URI. This vulnerability is analogous to previously reported issues affecting other browsers, illustrating a significant risk for users interacting with potentially deceptive web pages.

References

https://gitlab.gnome.org/GNOME/epiphany/issues/532
x_refsource_MISC
https://seclists.org/bugtraq/2019/Apr/21
mailing-listx_refsource_BUGTRAQ
http://www.openwall.com/lists/oss-security/2019/04/11/1
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.