Vulnerability CVE-2015-5788: Information

Description

The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.

Severity: MEDIUM (4.3)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-5788
Published: Sept. 18, 2015
Modified: Dec. 22, 2016
Error type identifier: CWE-200

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libwebkitgtk2p102.4.11-alt12.4.11-alt13ALT-PU-2016-1315-1162826Fixed
libwebkitgtk2p92.4.11-alt12.4.11-alt10ALT-PU-2016-1315-1162826Fixed
libwebkitgtk2c10f12.4.11-alt12.4.11-alt13ALT-PU-2016-1315-1162826Fixed
libwebkitgtk2c9f22.4.11-alt12.4.11-alt10ALT-PU-2016-1315-1162826Fixed
libwebkitgtk3p102.4.10-alt12.4.11-alt12ALT-PU-2016-1245-1161352Fixed
libwebkitgtk3p92.4.10-alt12.4.11-alt9.1.p9ALT-PU-2016-1245-1161352Fixed
libwebkitgtk3c10f12.4.10-alt12.4.11-alt12ALT-PU-2016-1245-1161352Fixed
libwebkitgtk3c9f22.4.10-alt12.4.11-alt9.1.p9ALT-PU-2016-1245-1161352Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
APPLE-SA-2015-09-16-1
  • Vendor Advisory
https://support.apple.com/HT205212
  • Vendor Advisory
APPLE-SA-2015-09-30-2
  • Vendor Advisory
https://support.apple.com/HT205265
  • Vendor Advisory
76766
    openSUSE-SU-2016:0915
      USN-2937-1
        1033609

            1. Configuration 1

              cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
              End including
              8.4.1

              Configuration 2

              cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
              End including
              8.0.8
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.0
          Back to top