SB2017022021 - Spoofing attack in webkit2gtk (Alpine package)
Published: February 20, 2017
Security Bulletin ID
SB2017022021
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Spoofing attack (CVE-ID: CVE-2016-4590)
The vulnerability allows a remote attacker to cause a spoofing attacks.The vulnerability exists due to a flaw in the parsing of 'about:' URL. A remote unauthenticated attacker can create a specially crafted web site to exploit this vulnerability and spoof user interface elements.
Successful exploitation of this vulnerability may result in disclosure of user information.
Remediation
Install update from vendor's website.