CVE-2021-30884
published 2021-08-24CVE-2021-30884: The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously…
PriorityP421medium4.7CVSS 3.1
AVNACLPRNUIRSCCLINAN
EPSS
1.11%
62.0th percentile
The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 15 | 15 |
| apple | ipados | < 15.0 | 15.0 |
| apple | iphone_os | < 15.0 | 15.0 |
| apple | macos | < 12.0.1 | 12.0.1 |
| apple | macos_monterey | — | — |
| apple | tvos | < 15.0 | 15.0 |
| apple | tvos | — | — |
| apple | tvos | >= unspecified < 15 | 15 |
| apple | watchos | < 8.0 | 8.0 |
| apple | watchos | >= unspecified < 8 | 8 |
| apple | watchos_8 | — | — |
| debian | webkit2gtk | < webkit2gtk 2.34.1-1 (bookworm) | webkit2gtk 2.34.1-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.34.1-1 (bookworm) | webkit2gtk 2.34.1-1 (bookworm) |
CVSS provenance
nvdv3.14.7MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv4.7MEDIUM
vendor_debian4.7MEDIUM
vendor_redhat4.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
webkitgtk: CSS compositing issue leading to revealing of the browsing history
vendor_redhat·2021-12-20·CVSS 4.7
CVE-2021-30884 [MEDIUM] CWE-200 webkitgtk: CSS compositing issue leading to revealing of the browsing history
webkitgtk: CSS compositing issue leading to revealing of the browsing history
The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history.
A flaw was found in the way WebKitGTK performed CSS compositing. A malicious web site could possibly use this flaw to reveal user's browsing history.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Out of support scope
Package: webkit2gtk3 (Red Hat Enterprise Linux 9) - Not affected
Apple
CVE-2021-30884: macOS Monterey 12.0.1
vendor_apple·2021-10-25·CVSS 4.7
CVE-2021-30884 [MEDIUM] CVE-2021-30884: macOS Monterey 12.0.1
Apple Security Update: About the security content of macOS Monterey 12.0.1
Product: macOS Monterey
Version: 12.0.1
CVE: CVE-2021-30884
Component: WebKit
Impact: Visiting a maliciously crafted website may reveal a user's browsing history
Description: The issue was resolved with additional restrictions on CSS compositing.
Apple
CVE-2021-30884: tvOS 15
vendor_apple·2021-09-20·CVSS 4.7
CVE-2021-30884 [MEDIUM] CVE-2021-30884: tvOS 15
Apple Security Update: About the security content of tvOS 15
Product: tvOS
Version: 15
CVE: CVE-2021-30884
Component: WebKit
Impact: Visiting a maliciously crafted website may reveal a user's browsing history
Description: The issue was resolved with additional restrictions on CSS compositing.
Apple
CVE-2021-30884: iOS 15 and iPadOS 15
vendor_apple·2021-09-20·CVSS 4.7
CVE-2021-30884 [MEDIUM] CVE-2021-30884: iOS 15 and iPadOS 15
Apple Security Update: About the security content of iOS 15 and iPadOS 15
Product: iOS 15 and iPadOS
Version: 15
CVE: CVE-2021-30884
Component: WebKit
Impact: Visiting a maliciously crafted website may reveal a user's browsing history
Description: The issue was resolved with additional restrictions on CSS compositing.
Apple
CVE-2021-30884: watchOS 8
vendor_apple·2021-09-20·CVSS 4.7
CVE-2021-30884 [MEDIUM] CVE-2021-30884: watchOS 8
Apple Security Update: About the security content of watchOS 8
Product: watchOS 8
CVE: CVE-2021-30884
Component: WebKit
Impact: Visiting a maliciously crafted website may reveal a user's browsing history
Description: The issue was resolved with additional restrictions on CSS compositing.
Debian
CVE-2021-30884: webkit2gtk - The issue was resolved with additional restrictions on CSS compositing. This iss...
vendor_debian·2021·CVSS 4.7
CVE-2021-30884 [MEDIUM] CVE-2021-30884: webkit2gtk - The issue was resolved with additional restrictions on CSS compositing. This iss...
The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history.
Scope: local
bookworm: resolved (fixed in 2.34.1-1)
bullseye: resolved (fixed in 2.34.1-1~deb11u1)
forky: resolved (fixed in 2.34.1-1)
sid: resolved (fixed in 2.34.1-1)
trixie: resolved (fixed in 2.34.1-1)
OSV
CVE-2021-30884: The issue was resolved with additional restrictions on CSS compositing
osv·2021-08-24·CVSS 4.7
CVE-2021-30884 [MEDIUM] CVE-2021-30884: The issue was resolved with additional restrictions on CSS compositing
The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2021/12/20/6https://support.apple.com/en-us/HT212814https://support.apple.com/en-us/HT212815https://support.apple.com/en-us/HT212819https://support.apple.com/kb/HT212869http://www.openwall.com/lists/oss-security/2021/12/20/6https://support.apple.com/en-us/HT212814https://support.apple.com/en-us/HT212815https://support.apple.com/en-us/HT212819https://support.apple.com/kb/HT212869
2021-08-24
Published