CVE-2024-23280
Published: 8 March 2024
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.
Notes
Author | Note |
---|---|
jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |
mdeslaur | It is no longer possible to build new webkit2gtk versions on focal and earlier. Marking as ignored. |
Priority
Status
Package | Release | Status |
---|---|---|
qtwebkit-opensource-src Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
mantic |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
qtwebkit-source Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
webkit2gtk Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
focal |
Ignored
|
|
jammy |
Released
(2.44.0-0ubuntu0.22.04.1)
|
|
mantic |
Released
(2.44.0-0ubuntu0.23.10.1)
|
|
upstream |
Released
(2.44.0)
|
|
xenial |
Ignored
|
|
webkitgtk Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
wpewebkit Launchpad, Ubuntu, Debian |
focal |
Needs triage
|
jammy |
Needs triage
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|