CVE-2020-3867

Published: 27/02/2020 Updated: 15/03/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.

Affected Products

Vendor | Product | Versions
Apple | iCloud | 6.1.1, 7.7, 7.8.1, 7.10, 7.11, 7.12, 7.13, 7.14, 10.0, 10.4, 10.6, 10.7, 10.8
Apple | iTunes | 12.1.3, 12.5.5, 12.9, 12.9.4, 12.9.5, 12.9.6, 12.10.1, 12.10.2, 12.10.3
Apple | Safari | -, 1.0, 1.0.0, 1.0.0b1, 1.0.0b2, 1.0.1, 1.0.2, 1.0.3, 1.0b1, 1.1, 1.1.0, 1.1.1, 1.2, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.3, 1.3.0, 1.3.1, 1.3.2, 2, 2.0, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3, 3.0, 3.0.0, 3.0.0b, 3.0.1, 3.0.1b, 3.0.2, 3.0.2b, 3.0.3, 3.0.3b, 3.0.4, 3.0.4b, 3.1.0, 3.1.0b, 3.1.1, 3.1.1b, 3.1.2, 3.1.2b, 3.2.0, 3.2.0b, 3.2.1, 3.2.1b, 3.2.2, 3.2.2b, 4.0, 4.0.0b, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1, 4.1.1, 4.1.2, 5.0, 5.0.1, 5.0.2, 5.0.4, 5.0.5, 5.0.6, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.2.1, 6.2.4, 6.2.5, 6.2.6, 6.2.8, 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.1, 7.1.1, 7.1.4, 7.1.5, 7.1.6, 7.1.8, 8.0, 8.0.1, 8.0.4, 8.0.5, 8.0.6, 8.0.8, 9.0.1, 9.0.2, 9.0.3, 9.1, 9.1.1, 9.1.3, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.1, 10.1.1, 10.1.2, 11.0, 11.0.1, 11.0.2, 11.0.3, 11.1, 11.1.1, 11.1.2, 12, 12.0, 12.0.1, 12.0.2, 12.0.3, 12.1, 12.1.1, 12.1.2, 13.0.1
Apple | iPadOS | 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3
Apple | iPhone OS | 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 2.0, 2.0.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.2, 2.2.1, 3.0, 3.0.1, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.2, 3.2.1, 3.2.2, 4.0, 4.0.1, 4.0.2, 4.1, 4.2.1, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.10, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 5.0, 5.0.1, 5.1, 5.1.1, 6.0, 6.0.1, 6.0.2, 6.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.1, 7.1.1, 7.1.2, 8.0, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.2, 8.3, 8.4, 8.4.1, 9.0, 9.0.1, 9.0.2, 9.1, 9.2, 9.2.1, 9.3, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.3.5, 9.3.6, 10.0, 10.0.1, 10.0.2, 10.0.3, 10.1, 10.1.1, 10.2, 10.2.1, 10.3, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 11, 11.0, 11.0.1, 11.0.2, 11.0.3, 11.1, 11.1.1, 11.1.2, 11.2, 11.2.1, 11.2.2, 11.2.5, 11.2.6, 11.3, 11.3.1, 11.4, 11.4.1, 12.0, 12.0.1, 12.1, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.2, 12.3, 12.3.1, 12.3.2, 12.4, 12.4.1, 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3
Apple | tvOS | 1.0.0, 1.1.0, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.4.0, 3.0.0, 3.0.1, 3.0.2, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.4.0, 4.4.2, 4.4.3, 4.4.4, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.2.0, 6.0, 6.0.1, 6.0.2, 6.1, 6.1.1, 6.1.2, 6.2, 6.2.1, 7.0, 7.0.1, 7.0.2, 7.0.3, 7.1, 9.0, 9.0.1, 9.1, 9.1.1, 9.2, 9.2.1, 9.2.2, 10.0, 10.0.1, 10.1, 10.1.1, 10.2, 10.2.1, 10.2.2, 11, 11.0, 11.1, 11.2, 11.2.1, 11.2.6, 11.3, 11.4.1, 12, 12.0.1, 12.1, 12.1.1, 12.2, 12.3, 12.4, 13
openSUSE | Leap | 15.1

Vendor Advisories

Several security issues were fixed in WebKitGTK+ ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID when possible ...
Processing maliciously crafted web content may lead to universal cross site scripting ...
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-3862: Srikanth Gatta discovered that a malicious website may be able to cause a denial of service. CVE-2020-3864: Ryan Pickren discovered that a DOM object context may not have had a unique security origin. CVE-2020-3865: Ryan Pickren discove ...
Arch Linux Security Advisory ASA-202002-10. Severity: High. Date: 2020-02-17. CVE-ID: CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868. Package: webkit2gtk. Type: multiple issues. Remote: Yes. Link: security.archlinux.org/AVG-1100. Summary: The pack ...

Mailing Lists

Debian Security Advisory DSA-4627-1. security@debian.org, www.debian.org/security/. Alberto Garcia, February 17, 2020. www.debian.org/security/faq ...
APPLE-SA-2020-1-29-1 iCloud for Windows 7.17. iCloud for Windows 7.17 addresses the following: ImageIO. Available for: Windows 7 and later. Impact: Processing a maliciously crafted image may lead to arbitrary code execution. Description: An out-of-bounds read was addressed with improved input validatio ...
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002. Date reported: February 14, 2020. Advisory ID: WSA-2020-0002. WebKitGTK Advisory URL: webkitgtkor ...
APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2. iCloud for Windows 10.9.2 is now available and addresses the following: ImageIO. Available for: Windows 10 and later via the Microsoft Store. Impact: Processing a maliciously crafted image may lead to arbitrary code execution. Description: An out-of-bound ...