95 matches found
DSA-5155-1 wpewebkit - security update
Bulletin has no description...
OPENSUSE-SU-2022:0705-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 bsc1196133: - CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution. Update to version 2.34.5 bsc1195735: - CVE-2022-22589: A validation issue was addressed with improve...
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write
/ bool JSArray::shiftCountWithArrayStorageVM& vm, unsigned startIndex, unsigned count, ArrayStorage storage unsigned oldLength = storage-length; RELEASEASSERTcount hasHoles && this-structurevm-holesMustForwardToPrototypevm, this || hasSparseMap || shouldUseSlowPutindexingType return false; if...
CVE-2018-4207
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks...
CVE-2017-1000121
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products...
CVE-2017-7095
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to...
WebKit: Use-after-free in JSC::B3::Procedure::resetReachability(CVE-2017-2470)
Note: It seems it doesn't crash the JSC compiled without Address Sanitizer. PoC: function for var i = 0; i 1000000; ++i const v = Array & 1 ? v : 1; typeof o = 'object'; ; Asan Log: ==32191==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000099738 at pc 0x000106c7af16 bp...
CVE-2017-2454
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and...
Apple iOS Safari WebKit Security Bypass Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in WebKit in Apple Safari used in Apple iOS, which can be exploited by attackers to perform man-in-the-middle attacks and obtain sensitive information through sniffing the...
WebKit / Appl Safari / Google Chrome security vulnerabilities
Race conditions, use-after-free...
CVE-2011-1344
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 CDMA; and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag,...
CVE-2010-1782
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to the rendering...
Fedora 11 : qt-4.6.2-8.fc11 (2010-4524)
This update fixes several WebKit security issues: CVE-2010-0046: CSS format argument memory corruption CVE-2010-0049: Use of freed line boxes in mixed LTR/RTL text CVE-2010-0050: Crash at HTMLParser after handling misnested style tags CVE-2010-0051 CVE-2010-0651: Remote information disclosure...
CVE-2010-1388
CVE-2010-1388 affects WebKit in Apple Safari prior to 5.0 on macOS X 10.5–10.6 and prior to 4.1 on OS X 10.4. The vulnerability arises from how the clipboard handles URLs during drag and paste, enabling user-assisted remote attackers to read arbitrary files via a crafted HTML document. Public ref...
CVE-2010-0651
WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive...