CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Percentile: 71.9%

The page-loading implementation in WebKit, as used in Apple Safari before
6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the
rel attribute in an A element, which allows remote attackers to bypass the
Same Origin Policy for a link’s target, and spoof the user interface, via a
crafted web site.
Author | Note |
---|---|
jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit |
jdstrand | webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |