CVE-2016-4590
published 2016-07-22
Priority: P4 · 25 · medium · CVSS 3.0: 5.4
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.59% (69.7th percentile)
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | safari | <= 9.1.1 | — |
| apple | safari | — | — |
| debian | webkit2gtk | < webkit2gtk 2.12.4-1 (bookworm) | webkit2gtk 2.12.4-1 (bookworm) |
CVSS provenance
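| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 5.4 | MEDIUM | — |
| vendor_debian | — | 5.4 | LOW | — |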
Ubuntu
WebKitGTK+ vulnerabilities
vendor_ubuntu·2016-09-14
CVE-2016-1854 WebKitGTK+ vulnerabilities
Title: WebKitGTK+ vulnerabilities
Summary: Several security issues were fixed in WebKitGTK+.
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
Apple
CVE-2016-4590: iOS 9.3.3
vendor_apple·2016-07-18·CVSS 5.4
CVE-2016-4590 [MEDIUM] CVE-2016-4590: iOS 9.3.3
Apple Security Update: About the security content of iOS 9.3.3
Product: iOS
Version: 9.3.3
CVE: CVE-2016-4590
Component: WebKit
Impact: Visiting a malicious website may lead to user interface spoofing
Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins.
Apple
CVE-2016-4590: Safari 9.1.2
vendor_apple·2016-07-18·CVSS 5.4
CVE-2016-4590 [MEDIUM] CVE-2016-4590: Safari 9.1.2
Apple Security Update: About the security content of Safari 9.1.2
Product: Safari
Version: 9.1.2
CVE: CVE-2016-4590
Component: WebKit
Impact: Visiting a malicious website may lead to user interface spoofing
Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins.
Debian
CVE-2016-4590: webkit2gtk - WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs,...
vendor_debian·2016·CVSS 5.4
CVE-2016-4590 [MEDIUM] CVE-2016-4590: webkit2gtk - WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs,...
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Scope: local
bookworm: resolved (fixed in 2.12.4-1)
bullseye: resolved (fixed in 2.12.4-1)
forky: resolved (fixed in 2.12.4-1)
sid: resolved (fixed in 2.12.4-1)
trixie: resolved (fixed in 2.12.4-1)
GHSA
GHSA-x7h9-4jcm-r6qh: WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-14
CVE-2016-4590 [MEDIUM] CWE-20 GHSA-x7h9-4jcm-r6qh: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
OSV
CVE-2016-4590: WebKit in Apple iOS before 9
osv·2016-07-22·CVSS 5.4
CVE-2016-4590 [MEDIUM] CVE-2016-4590: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html
http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html
http://www.securityfocus.com/archive/1/539295/100/0/threaded
http://www.securityfocus.com/bid/91835
http://www.securitytracker.com/id/1036343
https://support.apple.com/HT206900
https://support.apple.com/HT206902