FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

webkit -- UI spoof

Affected packages
webkit-gtk2 < 2.4.9_1
webkit-gtk3 < 2.4.9_1


VuXML ID 1091d2d1-cb2e-11e5-b14b-bcaec565249c
Discovery 2015-12-28
Entry 2016-02-04

webkit reports:

The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.


CVE Name CVE-2014-1748