Following vulnerability was discovered on the 2.4 stable series of WebKitGTK+: CVE-2014-1346 WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL. External References: http://webkitgtk.org/security/WSA-2015-0001.html
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.