In GNOME Shell through 45.7, a portal helper can be launched automatically
(without user confirmation) based on network responses provided by an
adversary (e.g., an adversary who controls the local Wi-Fi network), and
subsequently loads untrusted JavaScript code, which may lead to resource
consumption or other impacts depending on the JavaScript code’s behavior.
Author | Note |
---|---|
mdeslaur | as of 2024-07-05, the upstream fix for this issue has not been merged |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | gnome-shell | < any | UNKNOWN |
ubuntu | 20.04 | noarch | gnome-shell | < any | UNKNOWN |
ubuntu | 22.04 | noarch | gnome-shell | < any | UNKNOWN |
ubuntu | 24.04 | noarch | gnome-shell | < any | UNKNOWN |
ubuntu | 16.04 | noarch | gnome-shell | < any | UNKNOWN |