CVE-2017-2378

Metadata

medium
6.8
webkit, webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src
CVE-2017-2378
cve.mitre.org, support.apple.com, support.apple.com
2017-04-01
2017-10-23 14:17
2017-07-20 21:30
2017-06-16 19:21
2017-05-10 23:47
2017-04-14 10:21
2017-04-10 19:05
2017-04-06 22:03

Description

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

None

Unaffected

Release Package Reason
precise webkit ignored
webkitgtk DNE
webkit2gtk DNE
qtwebkit-source ignored
qtwebkit-opensource-src DNE
precise/esm webkit DNE
webkitgtk DNE
webkit2gtk DNE
qtwebkit-source DNE
qtwebkit-opensource-src DNE
trusty webkit DNE
webkit2gtk DNE
vivid/ubuntu-core webkit DNE
webkitgtk DNE
webkit2gtk DNE
qtwebkit-source DNE
qtwebkit-opensource-src DNE
vivid/stable-phone-overlay webkit DNE
webkitgtk DNE
webkit2gtk DNE
qtwebkit-source DNE
qtwebkit-opensource-src DNE
xenial webkit DNE
webkit2gtk not-affected
yakkety webkit DNE
webkitgtk ignored
webkit2gtk not-affected
qtwebkit-source ignored
qtwebkit-opensource-src ignored
zesty webkit DNE
webkit2gtk not-affected
artful webkit DNE
webkit2gtk not-affected
devel webkit DNE
webkit2gtk not-affected
upstream webkit2gtk not-affected

Needs Triage

Release Package Reason
upstream webkit needs-triage
webkitgtk needs-triage
qtwebkit-source needs-triage
qtwebkit-opensource-src needs-triage
trusty webkitgtk needs-triage
qtwebkit-source needs-triage
qtwebkit-opensource-src needs-triage
xenial webkitgtk needs-triage
qtwebkit-source needs-triage
qtwebkit-opensource-src needs-triage
zesty webkitgtk needs-triage
qtwebkit-source needs-triage
qtwebkit-opensource-src needs-triage
artful webkitgtk needs-triage
qtwebkit-source needs-triage
qtwebkit-opensource-src needs-triage
devel webkitgtk needs-triage
qtwebkit-source needs-triage
qtwebkit-opensource-src needs-triage