CVE-2024-44187
Publication date 17 September 2024
Last updated 22 October 2024
Ubuntu priority
Cvss 3 Severity Score
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
Status
Package | Ubuntu Release | Status |
---|---|---|
qtwebkit-opensource-src | 24.10 oracular | Ignored |
24.04 LTS noble | Ignored | |
22.04 LTS jammy | Ignored | |
20.04 LTS focal | Ignored | |
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
qtwebkit-source | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
webkit2gtk | 24.10 oracular |
Fixed 2.46.1-0ubuntu1
|
24.04 LTS noble |
Fixed 2.46.1-0ubuntu0.24.04.1
|
|
22.04 LTS jammy |
Fixed 2.46.1-0ubuntu0.22.04.3
|
|
20.04 LTS focal | Ignored | |
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
webkitgtk | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
wpewebkit | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Ignored | |
20.04 LTS focal | Ignored |
Notes
jdstrand
webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
mdeslaur
It is no longer possible to build new webkit2gtk versions on focal and earlier. Marking as ignored. wpewebkit isn't used by anything of importance in the archive, except for cog, an example container for wpewebkit. There is no point in attempting to backport newer wpewebkit versions to the archive. As such, marking as ignored. It is not feasible to fix webkitgtk, qtwebkit-source, and qtwebkit-opensource-src. Marking them as ignored.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 · Medium |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-7079-1
- WebKitGTK vulnerabilities
- 22 October 2024