UBUNTU-CVE-2016-4585
- Source
- https://ubuntu.com/security/CVE-2016-4585
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-4585.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2016-4585
- Related
- Published
- 2016-07-21T00:00:00Z
- Modified
- 2025-01-13T10:21:14Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.
- References
-
- https://ubuntu.com/security/CVE-2016-4585
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html
- https://support.apple.com/HT206900
- https://support.apple.com/HT206902
- https://support.apple.com/HT206905
- https://webkitgtk.org/security/WSA-2016-0005.html
- https://ubuntu.com/security/notices/USN-3079-1
- https://www.cve.org/CVERecord?id=CVE-2016-4585
Affected packages
Ubuntu:16.04:LTS / webkit2gtk
Package
- Name
- webkit2gtk
- Purl
- pkg:deb/ubuntu/webkit2gtk@2.12.5-0ubuntu0.16.04.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.12.5-0ubuntu0.16.04.1
Affected versions
2.*
2.8.5+dfsg1-3
2.10.3+dfsg1-1
2.10.4+dfsg1-1
2.10.5-1
2.10.6-1
2.10.6-1ubuntu1
2.10.8-1ubuntu1
2.10.9-1ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "gir1.2-javascriptcoregtk-4.0"
},
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "gir1.2-webkit2-4.0"
},
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "libjavascriptcoregtk-4.0-18"
},
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "libjavascriptcoregtk-4.0-18-dbgsym"
},
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "libjavascriptcoregtk-4.0-bin"
},
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "libjavascriptcoregtk-4.0-bin-dbgsym"
},
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "libjavascriptcoregtk-4.0-dev"
},
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "libwebkit2gtk-4.0-37"
},
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "libwebkit2gtk-4.0-37-dbgsym"
},
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "libwebkit2gtk-4.0-37-gtk2"
},
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "libwebkit2gtk-4.0-37-gtk2-dbgsym"
},
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "libwebkit2gtk-4.0-dev"
},
{
"binary_version": "2.12.5-0ubuntu0.16.04.1",
"binary_name": "libwebkit2gtk-4.0-doc"
}
]
}
Ubuntu:Pro:16.04:LTS / qtwebkit-opensource-src
Package
- Name
- qtwebkit-opensource-src
- Purl
- pkg:deb/ubuntu/qtwebkit-opensource-src@5.5.1+dfsg-2ubuntu1?arch=source&distro=esm-infra/xenial
Ubuntu:Pro:16.04:LTS / qtwebkit-source
Package
- Name
- qtwebkit-source
- Purl
- pkg:deb/ubuntu/qtwebkit-source@2.3.2-0ubuntu11?arch=source&distro=esm-apps/xenial