CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
70.8%
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
8.0.8, as used in iOS before 8.4.1 and other products, does not properly
perform taint checking for CANVAS elements, which allows remote attackers
to bypass the Same Origin Policy and obtain sensitive image data by
leveraging a redirect to a data:image resource.
Author | Note |
---|---|
jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |
lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
launchpad.net/bugs/cve/CVE-2015-3753
nvd.nist.gov/vuln/detail/CVE-2015-3753
security-tracker.debian.org/tracker/CVE-2015-3753
support.apple.com/kb/HT205030
support.apple.com/kb/HT205033
www.cve.org/CVERecord?id=CVE-2015-3753