DSA-4558-1

UNKNOWN

webkit2gtk - security update

Published Nov 4, 2019

Modified 6 years ago

Fix available

Details

Several vulnerabilities have been discovered in the webkit2gtk web engine:

CVE-2019-8625

Sergei Glazunov discovered that maliciously crafted web content
may lead to universal cross site scripting.

CVE-2019-8720

Wen Xu discovered that maliciously crafted web content may lead to
arbitrary code execution.

CVE-2019-8769

Pierre Reimertz discovered that visiting a maliciously crafted
website may reveal browsing history.

CVE-2019-8771

Eliya Stein discovered that maliciously crafted web content may
violate iframe sandboxing policy.

Affected Packages

webkit2gtk

Debian 10

Fixed in:

2.26.1-3~deb10u1

References

Upstream

Ecosystems

Timeline

PublishedNov 4, 2019

ModifiedNov 4, 2019

DSA-4558-1 | Mondoo Vulnerability Intelligence