UBUNTU-CVE-2015-3753
- Source
- https://ubuntu.com/security/CVE-2015-3753
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3753.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-3753
- Upstream
- Published
- 2015-08-16T23:59:00Z
- Modified
- 2026-04-22T10:09:29.907497Z
- Severity
-
- Ubuntu - medium
- Summary
- [none]
- Details
-
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.
- References
-
- https://ubuntu.com/security/CVE-2015-3753
- https://support.apple.com/kb/HT205033
- https://support.apple.com/kb/HT205030
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
- https://www.cve.org/CVERecord?id=CVE-2015-3753
Affected packages
Ubuntu:16.04:LTS / qtwebkit-opensource-src
Package
- Name
- qtwebkit-opensource-src
- Purl
- pkg:deb/ubuntu/qtwebkit-opensource-src@5.5.1+dfsg-2ubuntu1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.5.1+dfsg-2ubuntu1",
"binary_name": "libqt5webkit5"
},
{
"binary_version": "5.5.1+dfsg-2ubuntu1",
"binary_name": "libqt5webkit5-qmlwebkitplugin"
},
{
"binary_version": "5.5.1+dfsg-2ubuntu1",
"binary_name": "qml-module-qtwebkit"
},
{
"binary_version": "5.5.1+dfsg-2ubuntu1",
"binary_name": "qtwebkit5-doc-html"
}
]
}
Ubuntu:16.04:LTS / qtwebkit-source
Package
- Name
- qtwebkit-source
- Purl
- pkg:deb/ubuntu/qtwebkit-source@2.3.2-0ubuntu11?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:16.04:LTS / webkitgtk
Package
- Name
- webkitgtk
- Purl
- pkg:deb/ubuntu/webkitgtk@2.4.11-0ubuntu0.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "gir1.2-javascriptcoregtk-3.0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "gir1.2-webkit-3.0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "gir1.2-webkit2-3.0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libjavascriptcoregtk-1.0-0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libjavascriptcoregtk-3.0-0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libjavascriptcoregtk-3.0-bin"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkit2gtk-3.0-25"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkitgtk-1.0-0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkitgtk-1.0-common"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkitgtk-3.0-0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkitgtk-3.0-common"
}
]
}