CVE-2019-6251

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-6251
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6251.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-6251
Downstream
Related
Published
2019-01-14T08:29:00Z
Modified
2025-09-16T07:04:30.351271Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

References

Affected packages

Debian:11 / webkit2gtk

Package

Name
webkit2gtk
Purl
pkg:deb/debian/webkit2gtk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.24.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / webkit2gtk

Package

Name
webkit2gtk
Purl
pkg:deb/debian/webkit2gtk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.24.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / webkit2gtk

Package

Name
webkit2gtk
Purl
pkg:deb/debian/webkit2gtk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.24.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / webkit2gtk

Package

Name
webkit2gtk
Purl
pkg:deb/debian/webkit2gtk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.24.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / gitlab.gnome.org/GNOME/epiphany

Affected ranges

Type
GIT
Repo
https://gitlab.gnome.org/GNOME/epiphany
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
90ff11dccc9ec8649bfff0b0f6798d51d3b2eaf1

Affected versions

Other

BEFORE_HARVES18
GNOME_2_10_ANCHOR
GNOME_2_12_BRANCHPOINT
GNOME_2_14_BRANCHPOINT
GNOME_2_16_BRANCHPOINT
GNOME_2_18_BRANCHPOINT
GTK_ENGINES_2_6_0
INITIAL
PRE_GNOME_2_14_BRANCHPOINT
RELEASE_2_14_0
RELEASE_2_15_1
RELEASE_2_15_2
RELEASE_2_15_3
RELEASE_2_15_4
RELEASE_2_15_92
RELEASE_2_16_0
RELEASE_2_17_2
RELEASE_2_17_3
RELEASE_2_17_4
RELEASE_2_17_5
RELEASE_2_17_90
RELEASE_2_17_91
RELEASE_2_17_92
RELEASE_2_18_0
RELEASE_2_19_2
RELEASE_2_19_5
RELEASE_2_19_6
RELEASE_2_19_90
RELEASE_2_21_4
RELEASE_2_21_5
RELEASE_2_21_90
RELEASE_2_21_92
RELEASE_2_22_0
RELEASE_2_22_1
RELEASE_2_22_1_1
RELEASE_2_22_2
RELEASE_2_22_3
RELEASE_2_23_90
RELEASE_2_24_0
RELEASE_2_24_0_1
RELEASE_2_5_91
Release070
Release072
Release073
Release081
Release082
Release083
Release090
Release091
Release092
Release110
Release111
Release1110
Release1111
Release1112
Release112
Release113
Release115
Release117
Release119
Release120
Release130
Release131
Release132
Release133
Release134
Release135
Release136
Release137
Release138
Release151
Release152
Release153
Release154
Release155
Release156
Release157
Release158
Release160
Release171
Release172
Release173
Release174
Release175
Release176
Release191
Release192
Release193
Release1931
Release194
Release195
Release1951
Release196
Release198
Release1999
WEBCORE_BRANCHPOINT
WEBKIT_BRANCHPOINT
XULRUNNER_BRANCHPOINT
gnome-2-8-branchpoint
help
pre-gnome-2-10-branchpoint

Database specific 

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "function_hash": "115471298233690573233237567317369582136",
                "length": 68.0
            },
            "id": "CVE-2019-6251-256dc243",
            "source": "https://gitlab.gnome.org/GNOME/epiphany@90ff11dccc9ec8649bfff0b0f6798d51d3b2eaf1",
            "target": {
                "file": "embed/mozilla/EphyBrowser.cpp",
                "function": "mInitialized"
            }
        },
        {
            "signature_type": "Function",
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "function_hash": "280217498963693835361640773540379045260",
                "length": 285.0
            },
            "id": "CVE-2019-6251-4be9d6c4",
            "source": "https://gitlab.gnome.org/GNOME/epiphany@90ff11dccc9ec8649bfff0b0f6798d51d3b2eaf1",
            "target": {
                "file": "embed/mozilla/EphyBrowser.cpp",
                "function": "EphyBrowser::GetZoom"
            }
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "80880418477633107266816666995405977945",
                    "22026331254984029968852414808662658502",
                    "290489139693102052083707938951297572025",
                    "87599472823503325245203110047974051749"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2019-6251-89786c4b",
            "source": "https://gitlab.gnome.org/GNOME/epiphany@90ff11dccc9ec8649bfff0b0f6798d51d3b2eaf1",
            "target": {
                "file": "embed/mozilla/EphyBrowser.h"
            }
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "112994298578260489384232297981810457079",
                    "113679691485130390442816717913391965602",
                    "317795134385166186332082367165067877476",
                    "321447526086893611645791588300872804206",
                    "254239933228547055354975029311757318929",
                    "257353090739890117173341275999375827526",
                    "142446095654114568526665159810781226508",
                    "290746114902061128982667762262158606549",
                    "329090681288389353922874237156328720966",
                    "75003349598807836398390348937204310041",
                    "12759740255472730088023363353834283962",
                    "253442426519084472750159057954832669890",
                    "187580687179852448667202569530663075263",
                    "155003032646736586305913927746258463146",
                    "68841807241347711650295396263331120029",
                    "300818058638566920214220994966172762599"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2019-6251-a256029b",
            "source": "https://gitlab.gnome.org/GNOME/epiphany@90ff11dccc9ec8649bfff0b0f6798d51d3b2eaf1",
            "target": {
                "file": "embed/mozilla/EphyBrowser.cpp"
            }
        },
        {
            "signature_type": "Function",
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "function_hash": "2085925539773229625148503975721002249",
                "length": 283.0
            },
            "id": "CVE-2019-6251-df7920d3",
            "source": "https://gitlab.gnome.org/GNOME/epiphany@90ff11dccc9ec8649bfff0b0f6798d51d3b2eaf1",
            "target": {
                "file": "embed/mozilla/EphyBrowser.cpp",
                "function": "EphyBrowser::SetZoom"
            }
        }
    ]
}