{"id":"CVE-2019-6251","details":"WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.","modified":"2026-01-31T03:43:49.208547Z","published":"2019-01-14T08:29:00.223Z","related":["SUSE-SU-2019:1137-1","SUSE-SU-2019:1155-1","openSUSE-SU-2019:1374-1","openSUSE-SU-2024:11506-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/04/11/1"},{"type":"ADVISORY","url":"https://bugs.webkit.org/show_bug.cgi?id=194208"},{"type":"ADVISORY","url":"https://gitlab.gnome.org/GNOME/epiphany/issues/532"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Apr/21"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201909-05"},{"type":"ADVISORY","url":"https://trac.webkit.org/changeset/243434"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3948-1/"},{"type":"REPORT","url":"https://bugs.webkit.org/show_bug.cgi?id=194208"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/epiphany/issues/532"},{"type":"FIX","url":"https://trac.webkit.org/changeset/243434"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2019/04/11/1"},{"type":"ARTICLE","url":"https://seclists.org/bugtraq/2019/Apr/21"},{"type":"EVIDENCE","url":"https://gitlab.gnome.org/GNOME/epiphany/issues/532"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/epiphany","events":[{"introduced":"0"},{"fixed":"90ff11dccc9ec8649bfff0b0f6798d51d3b2eaf1"}]}],"versions":["BEFORE_HARVES18","GNOME_2_10_ANCHOR","GNOME_2_12_BRANCHPOINT","GNOME_2_14_BRANCHPOINT","GNOME_2_16_BRANCHPOINT","GNOME_2_18_BRANCHPOINT","GTK_ENGINES_2_6_0","INITIAL","PRE_GNOME_2_14_BRANCHPOINT","RELEASE_2_14_0","RELEASE_2_15_1","RELEASE_2_15_2","RELEASE_2_15_3","RELEASE_2_15_4","RELEASE_2_15_92","RELEASE_2_16_0","RELEASE_2_17_2","RELEASE_2_17_3","RELEASE_2_17_4","RELEASE_2_17_5","RELEASE_2_17_90","RELEASE_2_17_91","RELEASE_2_17_92","RELEASE_2_18_0","RELEASE_2_19_2","RELEASE_2_19_5","RELEASE_2_19_6","RELEASE_2_19_90","RELEASE_2_21_4","RELEASE_2_21_5","RELEASE_2_21_90","RELEASE_2_21_92","RELEASE_2_22_0","RELEASE_2_22_1","RELEASE_2_22_1_1","RELEASE_2_22_2","RELEASE_2_22_3","RELEASE_2_23_90","RELEASE_2_24_0","RELEASE_2_24_0_1","RELEASE_2_5_91","Release070","Release072","Release073","Release081","Release082","Release083","Release090","Release091","Release092","Release110","Release111","Release1110","Release1111","Release1112","Release112","Release113","Release115","Release117","Release119","Release120","Release130","Release131","Release132","Release133","Release134","Release135","Release136","Release137","Release138","Release151","Release152","Release153","Release154","Release155","Release156","Release157","Release158","Release160","Release171","Release172","Release173","Release174","Release175","Release176","Release191","Release192","Release193","Release1931","Release194","Release195","Release1951","Release196","Release198","Release1999","WEBCORE_BRANCHPOINT","WEBKIT_BRANCHPOINT","XULRUNNER_BRANCHPOINT","gnome-2-8-branchpoint","help","pre-gnome-2-10-branchpoint"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"function":"mInitialized","file":"embed/mozilla/EphyBrowser.cpp"},"signature_type":"Function","id":"CVE-2019-6251-256dc243","digest":{"length":68,"function_hash":"115471298233690573233237567317369582136"},"source":"https://gitlab.gnome.org/GNOME/epiphany@90ff11dccc9ec8649bfff0b0f6798d51d3b2eaf1","deprecated":false},{"signature_version":"v1","target":{"function":"EphyBrowser::GetZoom","file":"embed/mozilla/EphyBrowser.cpp"},"signature_type":"Function","id":"CVE-2019-6251-4be9d6c4","digest":{"length":285,"function_hash":"280217498963693835361640773540379045260"},"source":"https://gitlab.gnome.org/GNOME/epiphany@90ff11dccc9ec8649bfff0b0f6798d51d3b2eaf1","deprecated":false},{"signature_version":"v1","target":{"file":"embed/mozilla/EphyBrowser.h"},"signature_type":"Line","id":"CVE-2019-6251-89786c4b","digest":{"line_hashes":["80880418477633107266816666995405977945","22026331254984029968852414808662658502","290489139693102052083707938951297572025","87599472823503325245203110047974051749"],"threshold":0.9},"source":"https://gitlab.gnome.org/GNOME/epiphany@90ff11dccc9ec8649bfff0b0f6798d51d3b2eaf1","deprecated":false},{"signature_version":"v1","target":{"file":"embed/mozilla/EphyBrowser.cpp"},"signature_type":"Line","id":"CVE-2019-6251-a256029b","digest":{"line_hashes":["112994298578260489384232297981810457079","113679691485130390442816717913391965602","317795134385166186332082367165067877476","321447526086893611645791588300872804206","254239933228547055354975029311757318929","257353090739890117173341275999375827526","142446095654114568526665159810781226508","290746114902061128982667762262158606549","329090681288389353922874237156328720966","75003349598807836398390348937204310041","12759740255472730088023363353834283962","253442426519084472750159057954832669890","187580687179852448667202569530663075263","155003032646736586305913927746258463146","68841807241347711650295396263331120029","300818058638566920214220994966172762599"],"threshold":0.9},"source":"https://gitlab.gnome.org/GNOME/epiphany@90ff11dccc9ec8649bfff0b0f6798d51d3b2eaf1","deprecated":false},{"signature_version":"v1","target":{"function":"EphyBrowser::SetZoom","file":"embed/mozilla/EphyBrowser.cpp"},"signature_type":"Function","id":"CVE-2019-6251-df7920d3","digest":{"length":283,"function_hash":"2085925539773229625148503975721002249"},"source":"https://gitlab.gnome.org/GNOME/epiphany@90ff11dccc9ec8649bfff0b0f6798d51d3b2eaf1","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6251.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}]}