WebKitGTK+ Security Advisory WSA-2015-0001

Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+.

  • CVE-2013-2871
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to miaubiz.
    • Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
  • CVE-2014-1292
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.
  • CVE-2014-1298
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
  • CVE-2014-1299
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics.
    • WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
  • CVE-2014-1300
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to Ian Beer of Google Project Zero working with HP’s Zero Day Initiative.
    • Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.
  • CVE-2014-1303
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to KeenTeam working with HP’s Zero Day Initiative.
    • Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.
  • CVE-2014-1304
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to Apple.
    • WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
  • CVE-2014-1305
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to Apple.
    • WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
  • CVE-2014-1307
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
  • CVE-2014-1308
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
  • CVE-2014-1309
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to cloudfuzzer.
    • WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
  • CVE-2014-1311
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
  • CVE-2014-1313
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
  • CVE-2014-1713
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to VUPEN working with HP’s Zero Day Initiative.
    • Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.
  • CVE-2014-1297
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
    • Credit to Ian Beer of Google Project Zero.
    • WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.
  • CVE-2013-2875
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to miaubiz.
    • core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
  • CVE-2013-2927
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to cloudfuzzer.
    • Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements.
  • CVE-2014-1323
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to banty.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1326
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Apple.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1329
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1330
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1331
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to cloudfuzzer.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1333
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1334
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Apple.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1335
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1336
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Apple.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1337
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Apple.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1338
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1339
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Atte Kettunen of OUSPG.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1341
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1342
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Apple.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1343
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1731
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to an anonymous member of the Blink development community.
    • core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage “type confusion” for SELECT elements.
  • CVE-2014-1346
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
    • Credit to Erling Ellingsen of Facebook.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
  • CVE-2014-1344
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
    • Credit to Ian Beer of Google Project Zero.
    • WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
  • CVE-2014-1384
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
    • Credit to Apple.
    • WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
  • CVE-2014-1385
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
    • Credit to Apple.
    • WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
  • CVE-2014-1387
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
    • Credit to Google Chrome Security Team.
    • WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
  • CVE-2014-1388
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
    • Credit to Apple.
    • WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
  • CVE-2014-1389
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
    • Credit to Apple.
    • WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.
  • CVE-2014-1390
    • Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
    • Credit to Apple.
    • WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.

For the 2.4 series, these problems have been fixed in release 2.4.8.

Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html