First published: Mon Jan 14 2019
embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 3.31.4 allows address bar spoofing because a page load triggered by JavaScript leads to updating an address as if it were triggered by a safer visit type (e.g., VISIT_LINK, VISIT_TYPED, VISIT_BOOKMARK, or VISIT_HOMEPAGE). Upstream issue: https://gitlab.gnome.org/GNOME/epiphany/issues/532
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNOME Epiphany | <=3.31.4 | |
WebKitGTK WebKitGTK | <2.24.1 | |
Wpewebkit Wpe Webkit | <2.24.1 | |
Fedoraproject Fedora | =28 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =42.3 | |
redhat/webkitgtk | <2.24.1 | 2.24.1 |
debian/webkit2gtk | 2.44.2-1~deb11u1 2.46.4-1~deb11u1 2.46.0-2~deb12u1 2.46.4-1~deb12u1 2.46.4-1 |
CVE-2019-6251 is a vulnerability in WebKitGTK and WPE WebKit that allows address bar spoofing upon certain JavaScript redirections.
CVE-2019-6251 could allow an attacker to display malicious web content as if it came from a trusted source, potentially leading to phishing attacks or the theft of sensitive information.
CVE-2019-6251 has a severity score of 8.1 out of 10, indicating a high level of risk.
Versions prior to 2.24.1 of WebKitGTK and WPE WebKit are vulnerable to CVE-2019-6251.
To fix CVE-2019-6251, update WebKitGTK and WPE WebKit to version 2.24.1 or later.