The UIProcess subsystem in WebKit, as used in WebKitGTK up to and including 2.23.90 and WebKitGTK+ up to and including 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote malicious users to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webkitgtk webkitgtk |
||
webkitgtk webkitgtk\\+ |
||
opensuse leap 15.0 |
||
opensuse leap 42.3 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 18.10 |