CVE-2019-8725: Medium severity safari vulnerability

Q: What is the vulnerability CVE-2019-8725?

CVE-2019-8725 is a vulnerability in Apple Safari that allows service workers to leak private browsing history.

Q: What is the severity of CVE-2019-8725?

The severity of CVE-2019-8725 is medium with a CVSS score of 5.3.

Q: How was CVE-2019-8725 fixed?

CVE-2019-8725 was fixed in Safari 13.0.1 by improving the handling of service worker lifetime.

Q: What software is affected by CVE-2019-8725?

Apple Safari versions up to and including 13.0.1 are affected by CVE-2019-8725.

Q: Where can I find more information about CVE-2019-8725?

You can find more information about CVE-2019-8725 on the Apple support website at https://support.apple.com/en-us/HT210605.

Published Sep 24, 2019

Updated

Service Workers. The issue was addressed with improved handling of service worker lifetime.

Other sources

The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.

Credit

Michael Thwaite(Connect Medi)

Affected Software

2 affected componentsFixes available

Safari<13.0.1

13.0.1

Safari<13.0.1

Event History

Dec 18, 2019

CVE Published

via MITRE·05:33 PM

Data Sourced

via MITRE·05:33 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT210605

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the vulnerability CVE-2019-8725?

CVE-2019-8725 is a vulnerability in Apple Safari that allows service workers to leak private browsing history.

What is the severity of CVE-2019-8725?