SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

OVAL

DSA-4558-1 webkit2gtk -- webkit2gtk

ID: oval:org.secpod.oval:def:604584	Date: (C)2020-10-29 (M)2024-04-29
Class: PATCH	Family: unix

Several vulnerabilities have been discovered in the libwebkit2gtk-4.0-dev web engine: CVE-2019-8625 Sergei Glazunov discovered that maliciously crafted web content may lead to universal cross site scripting. CVE-2019-8720 Wen Xu discovered that maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8769 Pierre Reimertz discovered that visiting a maliciously crafted website may reveal browsing history. CVE-2019-8771 Eliya Stein discovered that maliciously crafted web content may violate iframe sandboxing policy.

Platform:

Debian 10.x

Product:

libwebkit2gtk-4.0-doc

gir1.2-javascriptcoregtk-4.0

libwebkit2gtk-4.0-dev

libjavascriptcoregtk-4.0-bin

gir1.2-webkit2-4.0

libjavascriptcoregtk-4.0-dev

libwebkit2gtk-4.0-37

webkit2gtk-driver

libjavascriptcoregtk-4.0-18