This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Webkitgtk First view 2010-11-05
Product Webkitgtk Last view 2021-04-02
Version 1.2.6 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:webkitgtk:webkitgtk

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2021-04-02 CVE-2021-1870

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

6.5 2021-04-02 CVE-2021-1801

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.

6.5 2021-04-02 CVE-2021-1799

A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.

8.8 2021-04-02 CVE-2021-1789

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

6.5 2021-04-02 CVE-2021-1765

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

3.3 2021-04-02 CVE-2020-29623

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.

10 2020-07-14 CVE-2020-13753

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

8.8 2020-04-17 CVE-2020-11793

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).

7.5 2020-03-02 CVE-2020-10018

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.

5.3 2020-02-17 CVE-2013-7324

Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration.

5.3 2019-04-10 CVE-2019-11070

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.

9.8 2019-02-24 CVE-2019-8375

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).

8.1 2019-01-14 CVE-2019-6251

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

7.5 2017-03-09 CVE-2015-2330

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.

8.8 2010-11-05 CVE-2010-4198

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.

CWE : Common Weakness Enumeration

%idName
37% (3) CWE-20 Improper Input Validation
12% (1) CWE-416 Use After Free
12% (1) CWE-295 Certificate Issues
12% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
12% (1) CWE-19 Data Handling

Open Source Vulnerability Database (OSVDB)

id Description
69164 Google Chrome Crafted HTML Document Text Area Handling Memory Corruption

OpenVAS Exploits

id Description
2012-06-05 Name : RedHat Update for webkitgtk RHSA-2011:0177-01
File : nvt/gb_RHSA-2011_0177-01_webkitgtk.nasl
2011-08-27 Name : Ubuntu Update for webkit USN-1195-1
File : nvt/gb_ubuntu_USN_1195_1.nasl
2011-03-07 Name : Mandriva Update for webkit MDVSA-2011:039 (webkit)
File : nvt/gb_mandriva_MDVSA_2011_039.nasl
2011-02-18 Name : Fedora Update for webkitgtk FEDORA-2011-1224
File : nvt/gb_fedora_2011_1224_webkitgtk_fc13.nasl
2011-01-24 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk22.nasl
2011-01-11 Name : Fedora Update for webkitgtk FEDORA-2011-0121
File : nvt/gb_fedora_2011_0121_webkitgtk_fc13.nasl
2010-11-18 Name : Google Chrome multiple vulnerabilities - November 10(Linux)
File : nvt/gb_google_chrome_mult_vuln_nov10_lin.nasl
2010-11-18 Name : Google Chrome multiple vulnerabilities - November 10(Windows)
File : nvt/gb_google_chrome_mult_vuln_nov10_win.nasl

Nessus® Vulnerability Scanner

id Description
2017-06-08 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201706-15.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-0688-1.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Fedora host is missing a security update.
File: fedora_2015-4171.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0177.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110125_webkitgtk_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2011-08-24 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1195-1.nasl - Type: ACT_GATHER_INFO
2011-03-03 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2011-039.nasl - Type: ACT_GATHER_INFO
2011-01-26 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-0177.nasl - Type: ACT_GATHER_INFO
2011-01-10 Name: The remote Fedora host is missing a security update.
File: fedora_2011-0121.nasl - Type: ACT_GATHER_INFO
2011-01-03 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_06a12e26142e11e0bea20015f2db7bde.nasl - Type: ACT_GATHER_INFO
2010-11-04 Name: The remote host contains a web browser that is affected by multiple vulnerabi...
File: google_chrome_7_0_517_44.nasl - Type: ACT_GATHER_INFO