Skip to content

webkit2gtk: Multiple vulnerabilities (CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753)

CVE-2020-9802

  • Processing maliciously crafted web content may lead to arbitrary code execution.
  • A logic issue was addressed with improved restrictions.
  • Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.

CVE-2020-9803

  • Processing maliciously crafted web content may lead to arbitrary code execution.
  • A memory corruption issue was addressed with improved validation.
  • Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.

CVE-2020-9805

  • Processing maliciously crafted web content may lead to universal cross site scripting.
  • A logic issue was addressed with improved restrictions.
  • Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.

CVE-2020-9806

  • Processing maliciously crafted web content may lead to arbitrary code execution.
  • A memory corruption issue was addressed with improved state management.
  • Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.

CVE-2020-9807

  • Processing maliciously crafted web content may lead to arbitrary code execution.
  • A memory corruption issue was addressed with improved state management.
  • Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.

CVE-2020-9843

  • Processing maliciously crafted web content may lead to a cross site scripting attack.
  • An input validation issue was addressed with improved input validation.
  • Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.

CVE-2020-9850

  • A remote attacker may be able to cause arbitrary code execution.
  • A logic issue was addressed with improved restrictions.
  • Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.

CVE-2020-13753

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg- desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal’s input buffer, similar to CVE-2017-5226. Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.

Reference:

https://webkitgtk.org/security/WSA-2020-0006.html

Affected branches:

Edited by Rasmus Thomsen
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information