CVE-2019-8670: Input Validation

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2019-8670.

Q: What is the severity of CVE-2019-8670?

The severity of CVE-2019-8670 is medium with a CVSS score of 4.3.

Q: Which software versions are affected by CVE-2019-8670?

CVE-2019-8670 affects macOS Mojave 10.14.6 and Safari 12.1.2.

Q: How can this vulnerability be fixed?

To fix CVE-2019-8670, update to macOS Mojave 10.14.6 or Safari 12.1.2.

Q: What is the issue addressed by CVE-2019-8670?

CVE-2019-8670 addressed an inconsistent user interface issue with improved state management in Safari.

Published Jul 22, 2019

Updated

Safari. An inconsistent user interface issue was addressed with improved state management.

Other sources

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.

Credit

Tsubasa FUJII@@reinforchu

Affected Software

5 affected componentsFixes available

Apple macOS Mojave<10.14.6

10.14.6

Apple High Sierra

Apple Sierra

Apple Safari<12.1.2

Apple iOS and macOS<10.14.6

Event History

Dec 18, 2019

CVE Published

via MITRE·05:33 PM

Data Sourced

via MITRE·05:33 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT210348

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2019-8670.

What is the severity of CVE-2019-8670?

The severity of CVE-2019-8670 is medium with a CVSS score of 4.3.

Which software versions are affected by CVE-2019-8670?

CVE-2019-8670 affects macOS Mojave 10.14.6 and Safari 12.1.2.

How can this vulnerability be fixed?