The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2023-42843
Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing.
CVE-2023-42950
Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2023-42956
SungKwon Lee discovered that processing web content may lead to a denial-of-service.
CVE-2024-23252
anbu1024 discovered that processing web content may lead to a denial-of-service.
CVE-2024-23254
James Lee discovered that a malicious website may exfiltrate audio data cross-origin.
CVE-2024-23263
Johan Carlsson discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.
CVE-2024-23280
An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user.
CVE-2024-23284
Georg Felber and Marco Squarcina discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.
https://security-tracker.debian.org/tracker/DSA-5684-1