Debian: DSA-5684-1 Critical: Webkit2gtk Remote Code Execution Threat
debian
May 9, 2024
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-42843
Topics Covered
Summary
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2023-42843
Kacper Kwapisz discovered that visiting a malicious website may
lead to address bar spoofing.
CVE-2023-42950
Nan Wang and Rushikesh Nandedkar discovered that processing
maliciously crafted web content may lead to arbitrary code
execution.
CVE-2023-42956
SungKwon Lee discovered that processing web content may lead to a
denial-of-service.
CVE-2024-23252
anbu1024 discovered that processing web content may lead to a
denial-of-service.
CVE-2024-23254
James Lee discovered that a malicious website may exfiltrate audio
data cross-origin.
CVE-2024-23263
Johan Carlsson discovered that processing maliciously crafted web
content may prevent Content Security Policy from being enforced.
CVE-2024-23280
An anonymous researcher discovered that a maliciously crafted
webpage may be able to fingerprint the user.
CVE-2024-23284
Georg Felber and Marco Squarcina discovered ...
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Package: webkit2gtk
CVE ID: CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23252
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!