CVE-2015-5825

medium

Description

WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code.

References

http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html

http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html

https://support.apple.com/HT205212

https://support.apple.com/HT205265

http://www.securitytracker.com/id/1033609

Details

Source: Mitre, NVD

Published: 2015-09-18

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium