Important: Red Hat Security Advisory: webkit2gtk3 security, bug fix, and enhancement update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

webkitgtk: Same Origin Policy bypass via crafted web content

A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may bypass the same-origin Policy...

Important: webkit2gtk3 security and bug fix update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: arbitrary code execution CVE-2023-32393 webkitgtk: bypass Same Origin Policy CVE-2023-38572 webkitgtk: Processing web content may lead to arbitrary code execution CVE-2023-38592...

ALSA-2023:6535 Important: webkit2gtk3 security and bug fix update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: arbitrary code execution CVE-2023-32393 webkitgtk: bypass Same Origin Policy CVE-2023-38572 webkitgtk: Processing web content may lead to arbitrary code execution CVE-2023-38592...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-3896-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3896-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacke...

Important: webkitgtk4

Issue Overview: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. CVE-2023-28198 A logic issue was addressed with improved validation. This issue i...

Amazon Linux 2 : webkitgtk4 (ALAS-2023-2270)

The version of webkitgtk4 installed on the remote host is prior to 2.40.5-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2270 advisory. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4,...

document.domain deprecation on Chrome 115

Issue with HTTP response if the page is reliant on document.domain. Same-origin policy by setting document.domain is deprecated, and will be disabled by default...

Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data

A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units GPU vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group...

Amazon Linux 2 : firefox (ALASFIREFOX-2023-002)

The version of firefox installed on the remote host is prior to 102.14.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-002 advisory. Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data fr...

OESA-2023-1671 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: An attacke...

CVE-2023-27932

A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may bypass the same-origin Policy. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criter...

SUSE-SU-2023:3419-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 bsc1213905: - CVE-2023-38133: Fixed information disclosure. - CVE-2023-38572: Fixed Same-Origin-Policy bypass. - CVE-2023-38592: Fixed arbitrary code execution. - CVE-2023-38594: Fixed arbitrary code execution. -...

USN-6267-3: Firefox regressions

USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were...

Fedora 37 : webkitgtk (2023-19754c5a93)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-19754c5a93 advisory. Fix several crashes and rendering issues Security fixes: CVE-2023-38133, CVE-2023-38572, CVE-2023-38592, CVE-2023-38594, CVE-2023-38595,...

Oracle Linux 9 : thunderbird (ELSA-2023-4499)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4499 advisory. 102.14.0-1.0.1 - Update to 102.14.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

Oracle Linux 8 : thunderbird (ELSA-2023-4497)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4497 advisory. 102.14.0-1.0.1 - Update to 102.14.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVE-2023-38572

A flaw was found in WebKitGTK. This flaw exists due to an error when handling the Same Origin Policy. A remote attacker can bypass Same Origin Policy restrictions...

Debian: Security Advisory (DLA-3523-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3523-1] firefox-esr security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3523-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 09, 2023 https://wiki.debian.org/LTS -...