The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2015/May/msg00000.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
http://support.apple.com/kb/HT204941
http://www.securityfocus.com/bid/74527
http://www.securitytracker.com/id/1032270
OR
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 8.3 (inclusive)
OR
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* versions up to 6.2.5 (inclusive)
cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:7.1.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
90283 | Fedora 22 : webkitgtk-2.4.10-1.fc22 (2016-9ec1850fff) | Nessus | Fedora Local Security Checks | medium |
90259 | openSUSE Security Update : webkitgtk (openSUSE-2016-412) | Nessus | SuSE Local Security Checks | medium |
90232 | Fedora 24 : webkitgtk3-2.4.10-1.fc24 (2016-fde7ffcb77) | Nessus | Fedora Local Security Checks | medium |
90220 | Fedora 24 : webkitgtk-2.4.10-1.fc24 (2016-a4fcb02d6b) | Nessus | Fedora Local Security Checks | medium |
90104 | Fedora 23 : webkitgtk-2.4.10-1.fc23 (2016-5d6d75dbea) | Nessus | Fedora Local Security Checks | medium |
90094 | Ubuntu 14.04 LTS / 15.10 : webkitgtk vulnerabilities (USN-2937-1) | Nessus | Ubuntu Local Security Checks | medium |
90035 | Fedora 23 : webkitgtk3-2.4.10-1.fc23 (2016-1a7f7ffb58) | Nessus | Fedora Local Security Checks | medium |
89950 | openSUSE Security Update : webkit2gtk3 (openSUSE-2016-340) | Nessus | SuSE Local Security Checks | medium |
8977 | Apple iOS < 8.4 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | high |
8870 | Safari < 6.2.6 / 7.1.6 / 8.0.6 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
84490 | Apple iOS < 8.4 Multiple Vulnerabilities (Logjam) | Nessus | Mobile Devices | high |
83291 | Mac OS X : Apple Safari < 6.2.6 / 7.1.6 / 8.0.6 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | medium |