FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

webkit -- UI spoof

Affected packages
webkit-gtk2 < 2.4.9_1
webkit-gtk3 < 2.4.9_1

Details

VuXML ID: 1091d2d1-cb2e-11e5-b14b-bcaec565249c
Discovery: 2015-12-28
Entry: 2016-02-04

webkit reports:

The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.

References

CVE Name: CVE-2014-1748
URL: http://webkitgtk.org/security/WSA-2015-0002.html