Qt WebKit Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA37396
VERIFY ADVISORY: http://secunia.com/advisories/37396/
DESCRIPTION: Some vulnerabilities have been reported in Qt, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user’s system.
1) Various errors within the browser and JavaScript engine can potentially exploited to e.g. execute arbitrary code by e.g. tricking a user into opening specially crafted websites in an application using the library.
For more information: SA35379 SA35056 SA35758
2) Some errors within the processing of XSL stylesheets can be exploited to e.g. read files from other security zones, including the user’s system.
For more information: SA35379
SOLUTION: Update to version 4.5.3.
ORIGINAL ADVISORY: http://trac.webkit.org/changeset/41854 http://trac.webkit.org/changeset/43590 http://trac.webkit.org/changeset/43595 http://trac.webkit.org/changeset/42532 http://trac.webkit.org/changeset/36918 http://trac.webkit.org/changeset/34533 http://trac.webkit.org/changeset/41568 http://trac.webkit.org/changeset/44799 http://trac.webkit.org/changeset/42081 http://trac.webkit.org/changeset/34534
OTHER REFERENCES: SA35056: http://secunia.com/advisories/35056/
SA35379: http://secunia.com/advisories/35379/
SA35758: http://secunia.com/advisories/35758/
———————————————————————-