CVE-2017-2378

NameCVE-2017-2378
DescriptionAn issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Notes

NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix

Search for package or bug name: Reporting problems