4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
74.5%
WebKit in Apple iOS before 9 does not properly restrict the availability of
Performance API times, which allows remote attackers to obtain sensitive
information about the browser history, mouse movement, or network traffic
via crafted JavaScript code.
Author | Note |
---|---|
jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |