In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code’s behavior. (CVE-2024-36472)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 9 | noarch | gnome-shell | < 44.2-1.2 | gnome-shell-44.2-1.2.mga9 |