The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2023-42916
Clement Lecigne discovered that processing web content may
disclose sensitive information. Apple is aware of a report that
this issue may have been actively exploited.
CVE-2023-42917
Clement Lecigne discovered that processing web content may lead to
arbitrary code execution. Apple is aware of a report that this
issue may have been actively exploited.
Reginaldo Silva discovered two security vulnerabilities in LibreOffice,
which could result in the execution of arbitrary scripts or Gstreamer
plugins when opening a malformed file.
Update to 120.0.6099.62, upstream release fixes follow security issues:
High CVE-2023-6508: Use after free in Media Stream
High CVE-2023-6509: Use after free in Side Panel Search
Medium CVE-2023-6510: Use after free in Media Capture
Low CVE-2023-6511: Inappropriate implementation in Autofill
Low CVE-2023-6512: Inappropriate implementation in Web Browser UI
update to 119.0.6045.199, upstream security release
High CVE-2023-6348: Type Confusion in Spellcheck
High CVE-2023-6347: Use after free in Mojo
High CVE-2023-6346: Use after free in WebAudio
High CVE-2023-6350: Out of bounds memory access in libavif
High CVE-2023-6351: Use after free in libavif
High CVE-2023-6345: Integer overflow in Skia
Update to 120.0.6099.62, upstream release fixes follow security issues:
High CVE-2023-6508: Use after free in Media Stream
High CVE-2023-6509: Use after free in Side Panel Search
Medium CVE-2023-6510: Use after free in Media Capture
Low CVE-2023-6511: Inappropriate implementation in Autofill
Low CVE-2023-6512: Inappropriate implementation in Web Browser UI
update to 119.0.6045.199, upstream security release
High CVE-2023-6348: Type Confusion in Spellcheck
High CVE-2023-6347: Use after free in Mojo
High CVE-2023-6346: Use after free in WebAudio
High CVE-2023-6350: Out of bounds memory access in libavif
High CVE-2023-6351: Use after free in libavif
High CVE-2023-6345: Integer overflow in Skia
Update to 120.0.6099.62, upstream release fixes follow security issues:
High CVE-2023-6508: Use after free in Media Stream
High CVE-2023-6509: Use after free in Side Panel Search
Medium CVE-2023-6510: Use after free in Media Capture
Low CVE-2023-6511: Inappropriate implementation in Autofill
Low CVE-2023-6512: Inappropriate implementation in Web Browser UI
update to 119.0.6045.199, upstream security release
High CVE-2023-6348: Type Confusion in Spellcheck
High CVE-2023-6347: Use after free in Mojo
High CVE-2023-6346: Use after free in WebAudio
High CVE-2023-6350: Out of bounds memory access in libavif
High CVE-2023-6351: Use after free in libavif
High CVE-2023-6345: Integer overflow in Skia
