Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20240925172049.GB1308139@igalia.com>
Date: Wed, 25 Sep 2024 17:20:49 +0300
From: Adrian Perez de Castro <aperez@...lia.com>
To: webkit-gtk@...ts.webkit.org, webkit-wpe@...ts.webkit.org
Cc: security@...kit.org, oss-security@...ts.openwall.com
Subject: WebKitGTK and WPE WebKit Security Advisory WSA-2024-0005

------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory                 WSA-2024-0005
------------------------------------------------------------------------

Date reported           : September 25, 2024
Advisory ID             : WSA-2024-0005
WebKitGTK Advisory URL  : https://webkitgtk.org/security/WSA-2024-0005.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2024-0005.html
CVE identifiers         : CVE-2024-23271, CVE-2024-27808,
                          CVE-2024-27820, CVE-2024-27830,
                          CVE-2024-27833, CVE-2024-27838,
                          CVE-2024-27850, CVE-2024-27851,
                          CVE-2024-40857, CVE-2024-40866,
                          CVE-2024-44187.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2024-23271
    Versions affected: WebKitGTK and WPE WebKit before 2.42.5.
    Credit to James Lee (@Windowsrcer).
    Impact: A malicious website may cause unexpected cross-origin
    behavior. Description: A logic issue was addressed with improved
    checks.
    WebKit Bugzilla: 265812

CVE-2024-27808
    Versions affected: WebKitGTK and WPE WebKit before 2.44.2.
    Credit to Lukas Bernhard of CISPA Helmholtz Center for Information Security.
    Impact: Processing web content may lead to arbitrary code execution.
    Description: The issue was addressed with improved memory handling.
    WebKit Bugzilla: 268221

CVE-2024-27820
    Versions affected: WebKitGTK and WPE WebKit before 2.44.2.
    Credit to Jeff Johnson of underpassapp.com.
    Impact: Processing web content may lead to arbitrary code execution.
    Description: The issue was addressed with improved memory handling.
    WebKit Bugzilla: 270139

CVE-2024-27830
    Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
    Credit to Joe Rutkowski (@Joe12387) of Crawless and @abrahamjuliot.
    Impact: A maliciously crafted webpage may be able to fingerprint the
    user. Description: This issue was addressed through improved state
    management.
    WebKit Bugzilla: 271159

CVE-2024-27833
    Versions affected: WebKitGTK and WPE WebKit before 2.44.2.
    Credit to Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: An integer overflow was
    addressed with improved input validation.
    WebKit Bugzilla: 271491

CVE-2024-27838
    Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
    Credit to Emilio Cobos of Mozilla.
    Impact: A maliciously crafted webpage may be able to fingerprint the
    user. Description: The issue was addressed by adding additional
    logic.
    WebKit Bugzilla: 262337

CVE-2024-27850
    Versions affected: WebKitGTK and WPE WebKit before 2.44.2.
    Credit to an anonymous researcher.
    Impact: A maliciously crafted webpage may be able to fingerprint the
    user. Description: This issue was addressed with improvements to the
    noise injection algorithm.
    WebKit Bugzilla: 270767

CVE-2024-27851
    Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
    Credit to Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: The issue was addressed with
    improved bounds checks.
    WebKit Bugzilla: 272106

CVE-2024-40857
    Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
    Credit to Ron Masas.
    Impact: Processing maliciously crafted web content may lead to
    universal cross site scripting. Description: This issue was
    addressed through improved state management.
    WebKit Bugzilla: 268724

CVE-2024-40866
    Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
    Credit to Hafiizh and YoKo Kho (@yokoacc) of HakTrak.
    Impact: Visiting a malicious website may lead to address bar
    spoofing. Description: The issue was addressed with improved UI.
    WebKit Bugzilla: 279451

CVE-2024-44187
    Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
    Credit to Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd,
    Pune (India).
    Impact: A malicious website may exfiltrate data cross-origin.
    Description: A cross-origin issue existed with "iframe" elements.
    This was addressed with improved tracking of security origins.
    WebKit Bugzilla: 279452

We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.

Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security.

The WebKitGTK and WPE WebKit team,

Download attachment "signature.asc" of type "application/pgp-signature" (196 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.