CVE-2019-11070
Description
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
1.978
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Web content engine library for GTK+ (USN-3889-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.04.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.04.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.10.2_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.10.2_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.04.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.04.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.10.2_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3889-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.10.2_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.04.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.04.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.10.2_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libwebkit2gtk-4.0-37_2.24.1-0ubuntu0.18.10.2_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.04.1_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.04.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.10.2_i386.deb | Linux |
| Web content engine library for GTK+ (USN-3948-1) libjavascriptcoregtk-4.0-18_2.24.1-0ubuntu0.18.10.2_amd64.deb | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) libjavascriptcoregtk-4_0-18-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwebkit2gtk-4_0-37-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwebkit2gtk3-lang-2.24.1-2.41.5.noarch.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) typelib-1_0-WebKit2-4_0-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5.x86_64.rpm | Linux |
| SUSE-SU-2019:1155-1(SUSE Linux Enterprise Desktop 12-SP3 ) webkit2gtk3-debugsource-2.24.1-2.41.5.x86_64.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-2.28.2-2.el7.i686.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-2.28.2-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-devel-2.28.2-2.el7.i686.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-doc-2.28.2-2.el7.noarch.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-2.28.2-2.el7.i686.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm | Linux |
| (RHSA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-2.28.2-2.el7.i686.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-devel-2.28.2-2.el7.i686.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-2.28.2-2.el7.i686.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-2.28.2-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-doc-2.28.2-2.el7.noarch.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm | Linux |
| (CESA-2020:4035) webkitgtk4 security, bug fix, and enhancement update webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) pidgin-2.13.0-5.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) libpurple-2.13.0-5.el8.i686.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) libpurple-2.13.0-5.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-2.36.12-5.el8.i686.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-2.36.12-5.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gnome-desktop3-3.32.2-1.el8.i686.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gnome-desktop3-3.32.2-1.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-devel-2.36.12-5.el8.i686.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-devel-2.36.12-5.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-modules-2.36.12-5.el8.i686.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gdk-pixbuf2-modules-2.36.12-5.el8.x86_64.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gnome-desktop3-devel-3.32.2-1.el8.i686.rpm | Linux |
| GNOME security, bug fix, and enhancement update (RLSA-2019:3553) gnome-desktop3-devel-3.32.2-1.el8.x86_64.rpm | Linux |
| Low: GNOME security, bug fix, and enhancement update pidgin-2.13.0-5.el8.x86_64.rpm | Linux |
| Low: GNOME security, bug fix, and enhancement update libpurple-2.13.0-5.el8.i686.rpm | Linux |
| Low: GNOME security, bug fix, and enhancement update libpurple-2.13.0-5.el8.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234