Vulnerability CVE-2015-1120: Information

Description

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

Severity: MEDIUM (6.8)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-1120

Published: April 10, 2015

Modified: March 8, 2019

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
libwebkitgtk2	p10	2.4.11-alt1	2.4.11-alt13	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk2	p9	2.4.11-alt1	2.4.11-alt10	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk2	c10f1	2.4.11-alt1	2.4.11-alt13	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk2	c9f2	2.4.11-alt1	2.4.11-alt10	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk3	p10	2.4.10-alt1	2.4.11-alt12	ALT-PU-2016-1245-1	161352	Fixed
libwebkitgtk3	p9	2.4.10-alt1	2.4.11-alt9.1.p9	ALT-PU-2016-1245-1	161352	Fixed
libwebkitgtk3	c10f1	2.4.10-alt1	2.4.11-alt12	ALT-PU-2016-1245-1	161352	Fixed
libwebkitgtk3	c9f2	2.4.10-alt1	2.4.11-alt9.1.p9	ALT-PU-2016-1245-1	161352	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://support.apple.com/HT204658	Vendor Advisory
APPLE-SA-2015-04-08-1	Vendor Advisory
https://support.apple.com/HT204662	Vendor Advisory
APPLE-SA-2015-04-08-3	Vendor Advisory
APPLE-SA-2015-04-08-4	Vendor Advisory
https://support.apple.com/HT204661	Vendor Advisory
1032047
APPLE-SA-2015-06-30-6
https://support.apple.com/kb/HT204949
73972
openSUSE-SU-2016:0915
USN-2937-1

Affected configurations:
1. Configuration 1
  cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
  End including
  12.1
  
  Configuration 2
  cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  End including
  8.2
  
  Configuration 3
  cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
  End including
  7.1
  
  Configuration 4
  cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
  End including
  6.2.4
  cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*

Version: v24.5.0

Vulnerability CVE-2015-1120: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4