Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Updated to version 2.48.5: - CVE-2025-31273: Fixed a vulnerability where processing maliciously crafted web content could lead to memory corruption. bsc1247564 - CVE-2025-31278: Fixed a vulnerability where processing maliciously crafted web...

Mozilla: Phishing site popup could show local origin in address bar

The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar...

SUSE CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting XSS attack. This vulnerability affects Thunderbi...

SUSE CVE-2022-22748

Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

CVE-2018-6051

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page...

UBUNTU-CVE-2018-6051

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page...