CVE-2020-3867

Published: 2/27/2020 Last updated: 8/4/2024 Reserved: 12/18/2019

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.

CNA assigner: apple (286789f9-fbc2-4510-9f9a-43facdede74c) Requested by: n/a

Opam packages affected (1)

javascriptcore

Products affected (6)

Product	Vendor	Version
iOS	Apple	< 786
tvOS	Apple	< 069a3ec329ff43e7869a3d94c62cd03203016bce
Safari	Apple	<= 2.7.9
iTunes for Windows	Apple	< 4b7b492615cf3017190f55444f7016812b66611d
iCloud for Windows	Apple	< unspecified
iCloud for Windows (Legacy)	Apple	<= 6.1.*

References (8)

https://support.apple.com/HT210947
https://support.apple.com/HT210948
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html
https://security.gentoo.org/glsa/202003-22
https://support.apple.com/HT210947
https://support.apple.com/HT210948
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html
https://security.gentoo.org/glsa/202003-22