CVE-2020-3867

Published: 2/27/2020 Last updated: 8/4/2024 Reserved: 12/18/2019

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.

CNA assigner: apple (286789f9-fbc2-4510-9f9a-43facdede74c) Requested by: n/a

Opam packages affected (1)

javascriptcore

Products affected (6)

Product	Vendor	Version
iOS	Apple	< 0df7f4b5cc10f5adf98be0845372e9eef7bb5b09
tvOS	Apple	< 4.20
Safari	Apple	< 5.1
iTunes for Windows	Apple	< 29a8d4e02fd4840028c38ceb1536cc8f82a257d4
iCloud for Windows	Apple	< 67995d4244694928ce701928e530b5b4adeb17b4
iCloud for Windows (Legacy)	Apple	<= 5.4.*

References (16)

https://support.apple.com/HT210947
https://support.apple.com/HT210948
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html
https://security.gentoo.org/glsa/202003-22
https://support.apple.com/HT210947
https://support.apple.com/HT210948
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html
https://security.gentoo.org/glsa/202003-22
https://support.apple.com/HT210947
https://support.apple.com/HT210948
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html
https://security.gentoo.org/glsa/202003-22
https://support.apple.com/HT210947
https://support.apple.com/HT210948
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html
https://security.gentoo.org/glsa/202003-22