CVE-2021-30744

Descripción: Se abordó un problema de origen cruzado con elementos iframe con un seguimiento de los orígenes de seguridad mejorados. Este problema se corrigió en tvOS versión 14.6, iOS versión 14.6 e iPadOS versión 14.6, Safari versión 14.1.1, macOS Big Sur versión 11.4, watchOS versión 7.5. El procesamiento de contenido web maliciosamente diseñado puede conllevar un cross site scripting universal

An update that fixes 13 vulnerabilities is now available. This update for webkit2gtk3 fixes the following issues. Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. An integer overflow was addressed with improved input validation. A memory corruption issue was addressed with improved state management. A logic issue was addressed with improved state management. A logic issue was addressed with improved restrictions. Multiple memory corruption issues were addressed with improved memory handling. A cross-origin issue with iframe elements was addressed with improved tracking of security origins. Multiple memory corruption issues were addressed with improved memory handling. A type confusion issue was addressed with improved state handling. A use after free issue was addressed with improved memory management. This issue was addressed with improved checks. Multiple memory corruption issues were addressed with improved memory handling. This update was imported from the SUSE:SLE-15-SP2:Update update project.