WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Safari | Apple | * | 9.0.3 (including) |
| Iphone_os | Apple | * | 9.2.1 (including) |
| Qtwebkit-opensource-src | Ubuntu | devel | * |
| Qtwebkit-opensource-src | Ubuntu | esm-infra/xenial | * |
| Qtwebkit-opensource-src | Ubuntu | trusty | * |
| Qtwebkit-opensource-src | Ubuntu | wily | * |
| Qtwebkit-opensource-src | Ubuntu | xenial | * |
| Qtwebkit-opensource-src | Ubuntu | yakkety | * |
| Qtwebkit-source | Ubuntu | devel | * |
| Qtwebkit-source | Ubuntu | esm-apps/xenial | * |
| Qtwebkit-source | Ubuntu | precise | * |
| Qtwebkit-source | Ubuntu | trusty | * |
| Qtwebkit-source | Ubuntu | wily | * |
| Qtwebkit-source | Ubuntu | xenial | * |
| Qtwebkit-source | Ubuntu | yakkety | * |
| Webkit | Ubuntu | precise | * |
| Webkit2gtk | Ubuntu | upstream | * |
| Webkit2gtk | Ubuntu | wily | * |
| Webkitgtk | Ubuntu | devel | * |
| Webkitgtk | Ubuntu | esm-apps/xenial | * |
| Webkitgtk | Ubuntu | trusty | * |
| Webkitgtk | Ubuntu | wily | * |
| Webkitgtk | Ubuntu | xenial | * |
| Webkitgtk | Ubuntu | yakkety | * |
References
- http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
- http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html
- http://www.securityfocus.com/archive/1/537948/100/0/threaded
- http://www.securitytracker.com/id/1035353
- https://support.apple.com/HT205635
- https://support.apple.com/HT205639
- http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
- http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html
- http://www.securityfocus.com/archive/1/537948/100/0/threaded
- http://www.securitytracker.com/id/1035353
- https://support.apple.com/HT205635
- https://support.apple.com/HT205639