Following vulnerability was discovered on the 2.4 stable series of WebKitGTK+: CVE-2014-1297 WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. External References: http://webkitgtk.org/security/WSA-2015-0001.html
Created webkitgtk4 tracking bugs for this issue: Affects: fedora-all [bug 1186276]
Created webkitgtk3 tracking bugs for this issue: Affects: fedora-all [bug 1181092]
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.