{"id":"MGASA-2020-0092","summary":"Updated webkit2 packages fix security vulnerability","details":"webkit2 packages have been updated to 2.26.4 and fixed the followin\nsecurity vulnerabilities:\n\nA malicious website may be able to cause a denial of service\n(CVE-2020-3862).\n\nA DOM object context may not have had a unique security origin\n(CVE-2020-3864).\n\nA top-level DOM object context may have incorrectly been considered\nsecure (CVE-2020-3865).\n\nProcessing maliciously crafted web content may lead to universal cross\nsite scripting (CVE-2020-3867).\n\nProcessing maliciously crafted web content may lead to arbitrary code\n execution (CVE-2020-3868).\n","modified":"2026-04-16T01:48:20.808325578Z","published":"2020-02-18T14:05:53Z","upstream":["CVE-2020-3862","CVE-2020-3864","CVE-2020-3865","CVE-2020-3867","CVE-2020-3868"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0092.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26197"},{"type":"WEB","url":"https://webkitgtk.org/2020/02/14/webkitgtk2.26.4-released.html"},{"type":"WEB","url":"https://webkitgtk.org/security/WSA-2020-0002.html"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2020/02/14/6"}],"affected":[{"package":{"name":"webkit2","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/webkit2?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.26.4-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0092.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}