webkitgtk: Memory corruption issue leading to arbitrary code execution

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution...

webkitgtk: Memory corruption issue leading to arbitrary code execution

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution...

webkitgtk: Multiple memory corruption issue leading to arbitrary code execution

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution...

webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript

A vulnerability was found in WebKitGTK. The vulnerability exists due to improper input validation in WebKit when processing email messages. This flaw allows a remote attacker to trick the victim into opening a specially crafted email message and execute arbitrary JavaScript code...

webkitgtk: logic issue was addressed with improved state management

A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process unexpected cross-origin attacks...

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A buffer overflow vulnerability was found in webkitgtk. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash or lead to arbitrary code execution...

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A flaw was found in webkitgtk. The vulnerability occurs due to improper state handling, which can lead to a race condition. An attacker with network access could pass specially crafted web content files causing an application to halt, crash, or may lead to arbitrary code execution...

webkitgtk: Type confusion issue leading to arbitrary code execution

A confusion type flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed...

webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create

A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash...

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A use-after-free vulnerability was found in WebKitGTK. The vulnerability occurs when processing HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system...

webkitgtk: Logic issue leading to universal cross-site scripting

A logic issue was found in WebKitGTK. Specially crafted web content could use this flaw to trigger a universal cross-site scripting when processed...

webkitgtk: CSS compositing issue leading to revealing of the browsing history

A flaw was found in the way WebKitGTK performed CSS compositing. A malicious web site could possibly use this flaw to reveal user's browsing history...

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A flaw was found in webkitgtk. The vulnerability occurs due to improper memory handling, which can lead to a type confusion issue. An attacker with network access could pass specially crafted web content files causing an application to halt, crash, or may lead to arbitrary code execution...

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A flaw was found in webkitgtk. The vulnerability occurs due to improper bounds checking, which can lead to an out-of-bounds read vulnerability. An attacker with network access could pass specially crafted web content files causing an application to halt, crash, or may lead to arbitrary code...

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, which can lead to an integer overflow. An attacker with network access could pass specially crafted web content files causing an application to halt, crash, or may lead to arbitrary code execution...

webkitgtk: use-after-free in WebCore::ContainerNode::firstChild

A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash...

webkitgtk: Information leak via Content Security Policy reports

An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects...

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A use after free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted web content files causing an application to halt, crash, or may lead to arbitrary code execution...

webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free

A use-after-free vulnerability was found in WebKitGTK. The vulnerability occurs when processing HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, triggering a use-after-free error and leading to the execution of arbitrary cod...

webkitgtk: Cross-origin data exfiltration via resource timing API

A flaw was found in the resource timing API specification and its implementation in WebKitGTK. A malicious web site could use this flaw to trigger a cross-domain data exfiltration...