DSA-5684-1 webkit2gtk -- webkit2gtk
ID: oval:org.secpod.oval:def:613083 | Date: (C)2024-05-21 (M)2024-06-13 |
Class: PATCH | Family: unix |
The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2023-42843: Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing.
CVE-2023-42950: Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2023-42956: SungKwon Lee discovered that processing web content may lead to a denial-of-service.
CVE-2024-23252: anbu1024 discovered that processing web content may lead to a denial-of-service.
CVE-2024-23254: James Lee discovered that a malicious website may exfiltrate audio data cross-origin.
CVE-2024-23263: Johan Carlsson discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.
CVE-2024-23280: An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user.
CVE-2024-23284: Georg Felber and Marco Squarcina discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Platform: |
Debian 12.x |
Debian 11.x |
Product: |
gir1.2-javascriptcoregtk-4.1 |
gir1.2-javascriptcoregtk-4.0 |
libwebkitgtk-6.0-4 |
gir1.2-webkit2-4.1 |
libjavascriptcoregtk-4.0-dev |
libjavascriptcoregtk-4.1-0 |
libwebkit2gtk-4.0-37 |
libwebkit2gtk-4.1-0 |
libwebkit2gtk-4.1-dev |
libjavascriptcoregtk-4.0-18 |
libwebkit2gtk-4.0-doc |
libjavascriptcoregtk-4.1-dev |
libjavascriptcoregtk-6.0-dev |
gir1.2-javascriptcoregtk-6.0 |
libjavascriptcoregtk-6.0-1 |
webkit2gtk-driver |
libjavascriptcoregtk-4.0-bin |
gir1.2-webkit2-4.0 |
libwebkit2gtk-4.0-dev |
gir1.2-webkit-6.0 |
libwebkitgtk-6.0-dev |