VuXML: webkit2-gtk3 -- multible vulnerabilities

VuXML ID	efd03116-c2a9-11ea-82bc-b42e99a1b9c3
Discovery	2020-07-10
Entry	2020-07-10

The WebKitGTK project reports vulnerabilities:

CVE-2020-9802: Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-9803: Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-9805: Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2020-9806: Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-9807: Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-9843: Processing maliciously crafted web content may lead to a cross site scripting attack.

CVE-2020-9850: A remote attacker may be able to cause arbitrary code execution.

CVE-2020-13753: CLONE_NEWUSER could potentially be used to confuse xdg- desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal’s input buffer.

[source]

CVE Name	CVE-2020-13753
CVE Name	CVE-2020-9802
CVE Name	CVE-2020-9803
CVE Name	CVE-2020-9805
CVE Name	CVE-2020-9806
CVE Name	CVE-2020-9807
CVE Name	CVE-2020-9843
CVE Name	CVE-2020-9850
URL	https://webkitgtk.org/security/WSA-2020-0006.html

webkit2-gtk3 -- multible vulnerabilities

Details

References