webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this...

webkitgtk: Memory corruptions leading to arbitrary code execution

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution...

webkitgtk: Memory corruptions leading to arbitrary code execution

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution...

webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability...

webkitgtk: Use-after-free leading to arbitrary code execution

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution...

webkitgtk: Access to restricted ports on arbitrary servers via port redirection

A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity...

webkitgtk: Insufficient checks leading to arbitrary code execution

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution...

webkitgtk: User may be unable to fully delete browsing history

A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A user may be unable to fully delete the browsing history under some circumstances. The highest threat from this vulnerability is to data confidentiality...

GNOME security, bug fix, and enhancement update

An update is available for gnome-shell-extensions, webkit2gtk3, LibRaw, gnome-settings-daemon, gsettings-desktop-schemas, gnome-autoar, mutter, accountsservice, gnome-control-center, gnome-online-accounts, gnome-shell, gtk3, gdm, vino, gnome-software, gnome-session, gnome-calculator. This update...

[SECURITY] Fedora 34 Update: webkit2gtk3-2.34.1-1.fc34

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3...

[SECURITY] Fedora 33 Update: webkit2gtk3-2.34.1-1.fc33

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3...

openSUSE 15 Security Update : webkit2gtk3 (openSUSE-SU-2021:1454-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1454-1 advisory. - BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host...

CentOS 8 : webkit2gtk3 (CESA-2021:4097)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4097 advisory. - webkitgtk: Use-after-free leading to arbitrary code execution CVE-2021-30858 Note that Nessus has not tested for this issue but has instead relied only on the...

webkitgtk: Use-after-free leading to arbitrary code execution

A flaw was found in webkitgtk. This flaw could allow an attacker to use maliciously crafted web content leading to arbitrary code execution...

RLSA-2021:4097 Moderate: webkit2gtk3 security and bug fix update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Use-after-free leading to arbitrary code execution CVE-2021-30858 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

webkit2gtk3 security and bug fix update

An update is available for webkit2gtk3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list WebKitGTK is the port of the portable web rendering engine WebKit to the...

Ubuntu: Security Advisory (USN-5127-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5127-1 webkit2gtk vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

Ubuntu 20.04 LTS : WebKitGTK vulnerabilities (USN-5127-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5127-1 advisory. A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a...

Fedora: Security Advisory for webkit2gtk3 (FEDORA-2021-db6ebb2d68)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...