In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code’s behavior.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | gnome-shell | <= 43.9-0+deb12u2 | gnome-shell_43.9-0+deb12u2_all.deb |
Debian | 11 | all | gnome-shell | <= 3.38.6-1~deb11u2 | gnome-shell_3.38.6-1~deb11u2_all.deb |
Debian | 999 | all | gnome-shell | <= 46.4-1 | gnome-shell_46.4-1_all.deb |
Debian | 13 | all | gnome-shell | <= 46.4-1 | gnome-shell_46.4-1_all.deb |